CVE-2016-8638

Published Jul 12, 2017

Last updated a year ago

CVSS critical 9.1

Overview

Description: A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active sessions from other users. It is also called a "SAML2 multi-session vulnerability."
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 9.1
Impact score: 5.2
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 6.4
Impact score: 4.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-384

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ipsilon_project:ipsilon:1.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EFB7EFFE-E740-4BB8-80ED-673CB09613BD"
          },
          {
            "criteria": "cpe:2.3:a:ipsilon_project:ipsilon:1.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5B73BD1-6E0B-4BD3-9F86-84F8BAC2B7A3"
          },
          {
            "criteria": "cpe:2.3:a:ipsilon_project:ipsilon:1.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A12BB361-31E3-4891-8A51-09B68FDD1DF8"
          },
          {
            "criteria": "cpe:2.3:a:ipsilon_project:ipsilon:1.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4313C8A-E084-49F1-A5D7-952E2A99F2AC"
          },
          {
            "criteria": "cpe:2.3:a:ipsilon_project:ipsilon:1.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "358E95D3-46E3-4D29-AE26-D7FDC3D1DDD2"
          },
          {
            "criteria": "cpe:2.3:a:ipsilon_project:ipsilon:1.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D97F85E-BFA2-45C9-BE1F-54D378EBF181"
          },
          {
            "criteria": "cpe:2.3:a:ipsilon_project:ipsilon:2.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB8B7C4A-2080-4EC5-B7AB-DBFF8F991C4C"
          },
          {
            "criteria": "cpe:2.3:a:ipsilon_project:ipsilon:2.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C439FC81-92F0-438C-9AB5-9120141B9574"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References