First published: Wed Jan 31 2024
IBM PowerSC 1.3, 2.0, and 2.1 do not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 275116.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM PowerSC | <=1.3 | |
IBM PowerSC | <=2.0 | |
IBM PowerSC | <=2.1 | |
IBM PowerSC | =1.3 | |
IBM PowerSC | =2.0 | |
IBM PowerSC | =2.1 | |
CVE-2023-50936 has been rated as a high-severity vulnerability.
To fix CVE-2023-50936, ensure that session invalidation occurs properly after logout for all user accounts.
CVE-2023-50936 affects IBM PowerSC versions 1.3, 2.0, and 2.1.
The impact of CVE-2023-50936 is that it allows an authenticated user to impersonate another user due to session management issues.
Currently, the recommended solution is to apply the available patches or updates from IBM for affected versions.