CVE-2016-9703

Description

IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could allow an unauthorized user with physical access to the work station to obtain sensitive information.

Affected products

• IBM Corporation / Identity Manager6.0 – 6.0
• IBM Corporation / Identity Manager5.0 – 5.0
• IBM Corporation / Identity Manager5.1 – 5.1
• IBM Corporation / Identity Manager6 – 6
• IBM Corporation / Identity Manager7.0 – 7.0
• IBM Corporation / Identity Manager7 – 7

References

• MISChttp://www.securityfocus.com/bid/95327
• MISChttp://www.securitytracker.com/id/1037765
• MISChttp://www.ibm.com/support/docview.wss?uid=swg21996761