CVE-2016-8638
Description
A vulnerability was found in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 that allows an attacker to log out active sessions of other users. The issue is related to how ipsilon tracks sessions, and it allows an unauthenticated attacker to view and terminate active sessions of other users. It is also called a SAML2 multi-session vulnerability.
Risk Information
Base Score
9.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS Score
Exploitation Probability
7.142
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2016-8638 are fixed in Python-ipsilon 1.2.1 | Windows |
| (RHSA-2016:2809) Important: ipsilon security update ipsilon-1.0.0-13.el7_3.noarch.rpm | Linux |
| (RHSA-2016:2809) Important: ipsilon security update ipsilon-authform-1.0.0-13.el7_3.noarch.rpm | Linux |
| (RHSA-2016:2809) Important: ipsilon security update ipsilon-authgssapi-1.0.0-13.el7_3.noarch.rpm | Linux |
| (RHSA-2016:2809) Important: ipsilon security update ipsilon-authldap-1.0.0-13.el7_3.noarch.rpm | Linux |
| (RHSA-2016:2809) Important: ipsilon security update ipsilon-base-1.0.0-13.el7_3.noarch.rpm | Linux |
| (RHSA-2016:2809) Important: ipsilon security update ipsilon-client-1.0.0-13.el7_3.noarch.rpm | Linux |
| (RHSA-2016:2809) Important: ipsilon security update ipsilon-filesystem-1.0.0-13.el7_3.noarch.rpm | Linux |
| (RHSA-2016:2809) Important: ipsilon security update ipsilon-infosssd-1.0.0-13.el7_3.noarch.rpm | Linux |
| (RHSA-2016:2809) Important: ipsilon security update ipsilon-persona-1.0.0-13.el7_3.noarch.rpm | Linux |
| (RHSA-2016:2809) Important: ipsilon security update ipsilon-saml2-1.0.0-13.el7_3.noarch.rpm | Linux |
| (RHSA-2016:2809) Important: ipsilon security update ipsilon-saml2-base-1.0.0-13.el7_3.noarch.rpm | Linux |
| (RHSA-2016:2809) Important: ipsilon security update ipsilon-tools-ipa-1.0.0-13.el7_3.noarch.rpm | Linux |
| Ipsilon update (ELSA-2016-2809) ipsilon-1.0.0-13.el7_3.noarch.rpm | Linux |
| Ipsilon-authform update (ELSA-2016-2809) ipsilon-authform-1.0.0-13.el7_3.noarch.rpm | Linux |
| Ipsilon-authgssapi update (ELSA-2016-2809) ipsilon-authgssapi-1.0.0-13.el7_3.noarch.rpm | Linux |
| Ipsilon-authldap update (ELSA-2016-2809) ipsilon-authldap-1.0.0-13.el7_3.noarch.rpm | Linux |
| Ipsilon-base update (ELSA-2016-2809) ipsilon-base-1.0.0-13.el7_3.noarch.rpm | Linux |
| Ipsilon-client update (ELSA-2016-2809) ipsilon-client-1.0.0-13.el7_3.noarch.rpm | Linux |
| Ipsilon-filesystem update (ELSA-2016-2809) ipsilon-filesystem-1.0.0-13.el7_3.noarch.rpm | Linux |
| Ipsilon-infosssd update (ELSA-2016-2809) ipsilon-infosssd-1.0.0-13.el7_3.noarch.rpm | Linux |
| Ipsilon-persona update (ELSA-2016-2809) ipsilon-persona-1.0.0-13.el7_3.noarch.rpm | Linux |
| Ipsilon-saml2 update (ELSA-2016-2809) ipsilon-saml2-1.0.0-13.el7_3.noarch.rpm | Linux |
| Ipsilon-saml2-base update (ELSA-2016-2809) ipsilon-saml2-base-1.0.0-13.el7_3.noarch.rpm | Linux |
| Ipsilon-tools-ipa update (ELSA-2016-2809) ipsilon-tools-ipa-1.0.0-13.el7_3.noarch.rpm | Linux |
| (CESA-2016:2809) Important: ipsilon security update ipsilon-1.0.0-13.el7_3.noarch.rpm | Linux |
| (CESA-2016:2809) Important: ipsilon security update ipsilon-authform-1.0.0-13.el7_3.noarch.rpm | Linux |
| (CESA-2016:2809) Important: ipsilon security update ipsilon-authgssapi-1.0.0-13.el7_3.noarch.rpm | Linux |
| (CESA-2016:2809) Important: ipsilon security update ipsilon-authldap-1.0.0-13.el7_3.noarch.rpm | Linux |
| (CESA-2016:2809) Important: ipsilon security update ipsilon-base-1.0.0-13.el7_3.noarch.rpm | Linux |
| (CESA-2016:2809) Important: ipsilon security update ipsilon-client-1.0.0-13.el7_3.noarch.rpm | Linux |
| (CESA-2016:2809) Important: ipsilon security update ipsilon-filesystem-1.0.0-13.el7_3.noarch.rpm | Linux |
| (CESA-2016:2809) Important: ipsilon security update ipsilon-infosssd-1.0.0-13.el7_3.noarch.rpm | Linux |
| (CESA-2016:2809) Important: ipsilon security update ipsilon-persona-1.0.0-13.el7_3.noarch.rpm | Linux |
| (CESA-2016:2809) Important: ipsilon security update ipsilon-saml2-1.0.0-13.el7_3.noarch.rpm | Linux |
| (CESA-2016:2809) Important: ipsilon security update ipsilon-saml2-base-1.0.0-13.el7_3.noarch.rpm | Linux |
| (CESA-2016:2809) Important: ipsilon security update ipsilon-tools-ipa-1.0.0-13.el7_3.noarch.rpm | Linux |
| Vulnerabilities CVE-2016-8638 are fixed in Python-ipsilon for linux 1.2.1 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234