Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 prior to 6.0.1 iFix006 does not destroy a Session ID upon a logout action, which allows remote malicious users to obtain access by leveraging an unattended workstation.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm jazz reporting service 6.0 |
||
ibm jazz reporting service 6.0.1 |