IBM Storage Scale Session Hijacking 5.1.0.0 - 5.1.9.2
CVE-2023-38002 Published on April 30, 2024

IBM Storage Scale session fixation
IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authenticated user to steal or manipulate an active session to gain access to the system. IBM X-Force ID: 260208.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2023-38002 is exploitable with network access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be low. considered to have a small impact on confidentiality and integrity and availability.

Attack Vector:
NETWORK
Attack Complexity:
HIGH
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
LOW
Availability Impact:
LOW

Weakness Type

Session Fixation

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.


Products Associated with CVE-2023-38002

Want to know whenever a new CVE is published for IBM Storage Scale? stack.watch will email you.

IBM Storage Scale
 

Affected Versions

IBM Storage Scale: ibm storage_scale:

Exploit Probability

EPSS
0.02%
Percentile
3.76%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.