Session Hijacking Vulnerability in IBM Tivoli Storage Productivity Center

Session Hijacking Vulnerability in IBM Tivoli Storage Productivity Center

CVE-2019-4072 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) allows users to remain idle within the application even when a user has logged out. Utilizing the application back button users can remain logged in as the current user for a short period of time, therefore users are presented with information for Spectrum Control Application. IBM X-Force ID: 157064.

Learn more about our User Device Pen Test.