IBM Jazz Reporting 7.0.2/3 Session Invalidation Bypass Enables User Impersonation
CVE-2024-25051 Published on April 2, 2025
IBM Jazz Reporting Service insufficient session expiration
IBM Jazz Reporting Service 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated privileged user to impersonate another user on the system.
Vulnerability Analysis
CVE-2024-25051 can be exploited with network access, and requires user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Insufficient Session Expiration
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."
Products Associated with CVE-2024-25051
Want to know whenever a new CVE is published for IBM Jazz Reporting Service? stack.watch will email you.
Affected Versions
IBM Jazz Reporting Service:- Version 7.0.2 is affected.
- Version 7.0.3 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.