Session Hijacking Vulnerability in IBM Jazz Reporting Service (JRS)

Session Hijacking Vulnerability in IBM Jazz Reporting Service (JRS)

CVE-2016-0315 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 maintain session ID validity after a logout action, which allows remote authenticated users to hijack sessions by leveraging an unattended workstation.

Learn more about our Cis Benchmark Audit For Ibm I.