CVE-2013-4001
First published: Sat Dec 14 2013(Updated: )
Session fixation vulnerability in IBM Cognos Command Center before 10.2 allows remote attackers to hijack web sessions via an authorization cookie.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Cognos Command Center | <=10.1 | |
| IBM Cognos Command Center | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-4001?
CVE-2013-4001 has a medium severity level as it allows remote attackers to hijack web sessions.
How do I fix CVE-2013-4001?
To fix CVE-2013-4001, upgrade IBM Cognos Command Center to version 10.2 or later.
Which versions of IBM Cognos Command Center are affected by CVE-2013-4001?
CVE-2013-4001 affects IBM Cognos Command Center versions 10.0 and 10.1.
What type of vulnerability is CVE-2013-4001?
CVE-2013-4001 is a session fixation vulnerability that allows web session hijacking.
Can CVE-2013-4001 be exploited remotely?
Yes, CVE-2013-4001 can be exploited remotely by attackers through an authorization cookie.
- agent/description
- agent/event
- agent/references
- agent/type
- agent/weakness
- collector/nvd-index
- vendor/ibm
- canonical/ibm cognos command center
- version/ibm cognos command center/10.1
- version/ibm cognos command center/10.0