CVE-2019-4591
CVE-2019-4591
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.9EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
13 Jul 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
IBM Maximo Asset Management 7.6.0 and 7.6.1 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 167451.
CVSS:3.0/S:U/C:L/A:L/AC:L/I:L/AV:L/UI:N/PR:N/E:U/RC:C/RL:O
Affected products
IBM · Maximo Asset Management