CVE-2013-2997
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
08/09/2013
Last modified:
11/04/2025
Description
IBM Security AppScan Enterprise before 8.7 does not invalidate the session context upon a logout action, which allows remote attackers to hijack sessions by leveraging an unattended workstation.
Impact
Base Score 2.0
1.70
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:ibm:security_appscan:*:-:enterprise:*:*:*:*:* | 8.6.0.2 (including) | |
| cpe:2.3:a:ibm:security_appscan:5.6.0.0:-:enterprise:*:*:*:*:* | ||
| cpe:2.3:a:ibm:security_appscan:6.0.0.0:-:enterprise:*:*:*:*:* | ||
| cpe:2.3:a:ibm:security_appscan:6.0.1.0:-:enterprise:*:*:*:*:* | ||
| cpe:2.3:a:ibm:security_appscan:6.0.2.0:-:enterprise:*:*:*:*:* | ||
| cpe:2.3:a:ibm:security_appscan:6.1.1.0:-:enterprise:*:*:*:*:* | ||
| cpe:2.3:a:ibm:security_appscan:8.0.0.0:-:enterprise:*:*:*:*:* | ||
| cpe:2.3:a:ibm:security_appscan:8.0.0.1:-:enterprise:*:*:*:*:* | ||
| cpe:2.3:a:ibm:security_appscan:8.0.0.2:-:enterprise:*:*:*:*:* | ||
| cpe:2.3:a:ibm:security_appscan:8.0.1.0:-:enterprise:*:*:*:*:* | ||
| cpe:2.3:a:ibm:security_appscan:8.0.1.1:-:enterprise:*:*:*:*:* | ||
| cpe:2.3:a:ibm:security_appscan:8.0.11:-:enterprise:*:*:*:*:* | ||
| cpe:2.3:a:ibm:security_appscan:8.5.0.0:-:enterprise:*:*:*:*:* | ||
| cpe:2.3:a:ibm:security_appscan:8.5.0.1:-:enterprise:*:*:*:*:* | ||
| cpe:2.3:a:ibm:security_appscan:8.6.0.0:-:enterprise:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page