CVE-2024-25051

Summary

IBM Jazz Reporting Service 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated privileged user to impersonate another user on the system.

Affected Software

VendorProductVersion RangeStatus
IBMJazz Reporting Service7.0.2affected
IBMJazz Reporting Service7.0.3affected

Weaknesses

  • CWE-613: CWE-613 Insufficient Session Expiration

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References