What is CVE-2017-1152?

CVE-2017-1152 is a medium-severity vulnerability in Ibm Financial_transaction_manager, classified under Session Fixation. CVSS score: 4.3/10. Published 2017-04-14.

How severe is CVE-2017-1152?

Medium severity. CVSS v3 base score is 4.3 out of 10.

Vulnerability in Ibm Financial_transaction_manager

CVE-2017-1152

IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 122293.

EPSS: 0.001 (32.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.

Affected products

Ibm Financial_transaction_manager — versions 3.0.1.0, 3.0.2.0
Ibm Corporation Financial Transaction Manager — versions 3.0.2.0, 3.0.1, 3.0.2.1

Weakness classification (CWE)

CWE-384 — Session Fixation

References

psirt@us.ibm.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
psirt@us.ibm.com (vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2017-1152?: CVE-2017-1152 is a medium-severity vulnerability in Ibm Financial_transaction_manager, classified under Session Fixation. CVSS score: 4.3/10. Published 2017-04-14.
How severe is CVE-2017-1152?: Medium severity. CVSS v3 base score is 4.3 out of 10.