CVE-2023-0041: IBM Security Guardium session fixation
Published May 30, 2023
IBM Security Guardium 11.5 could allow a user to take over another user's session due to insufficient session expiration. IBM X-Force ID: 243657.
Other sources
IBM Security Guardium could allow a user to take over another user's session due to insufficient session expiration.
Affected Software
5 affected components
IBM Security Guardium <= 11.3
IBM Security Guardium <= 11.4
IBM Security Guardium <= 11.5
IBM Security Guardium = 11.5
Linux Linux kernel
Remediation
Patch Available
Event History
May 30, 2023
CVE Published
via IBM·12:00 AM
Data Sourced
via IBM·12:00 AM
Description, Severity, Affected Software
Jun 5, 2023
CVE Published
via MITRE·12:53 AM
Data Sourced
via MITRE·12:53 AM
Description, Severity, Weakness
Frequently Asked Questions
1. What is the vulnerability ID of this IBM Security Guardium vulnerability?
The vulnerability ID is CVE-2023-0041.
2. What is the severity level of CVE-2023-0041?
The severity level of CVE-2023-0041 is high.
3. How does IBM Security Guardium 11.5 become vulnerable to CVE-2023-0041?
IBM Security Guardium 11.5 becomes vulnerable to CVE-2023-0041 due to insufficient session expiration.
4. What is the IBM X-Force ID associated with this vulnerability?
The IBM X-Force ID associated with this vulnerability is 243657.
5. Are previous versions of IBM Security Guardium also affected by CVE-2023-0041?
Yes, previous versions up to and including 11.5 of IBM Security Guardium are affected by CVE-2023-0041.