CVE-2018-1375 : What You Need to Know

Learn about CVE-2018-1375 affecting IBM Security Guardium Big Data Intelligence 3.1. Discover the impact, technical details, and mitigation steps for this session fixation/hijacking vulnerability.

IBM Security Guardium Big Data Intelligence (SonarG) 3.1 is vulnerable to a session fixation/hijacking issue due to the failure to refresh the session variable post successful authentication.

Understanding CVE-2018-1375

This CVE involves a security vulnerability in IBM Security Guardium Big Data Intelligence (SonarG) 3.1 that could potentially lead to session fixation/hijacking.

What is CVE-2018-1375?

The session variable in IBM Security Guardium Big Data Intelligence (SonarG) 3.1 is not refreshed after a user successfully authenticates. This exposes a session fixation/hijacking vulnerability: a session cookie whose value is already known to an attacker stays valid for the user's authenticated session.

The Impact of CVE-2018-1375

        CVSS Base Score: 5.9 (Medium Severity)
        Attack Vector: Network
        Confidentiality Impact: High
        Exploit Code Maturity: Unproven

This vulnerability could lead to unauthorized access to user sessions and sensitive information.

Technical Details of CVE-2018-1375

Vulnerability Description

IBM Security Guardium Big Data Intelligence (SonarG) 3.1 fails to renew the session variable after successful authentication, potentially enabling session fixation/hijacking attacks.

Affected Systems and Versions

        Affected Product: Security Guardium Big Data Intelligence
        Vendor: IBM
        Affected Version: 3.1

Exploitation Mechanism

The vulnerability could be exploited by an attacker to hijack user sessions and gain unauthorized access to sensitive data.

Mitigation and Prevention

Immediate Steps to Take

        IBM recommends applying its official fix for this vulnerability.
        Monitor for any unauthorized access or suspicious activities on the affected systems.

Long-Term Security Practices

        Regularly update and patch the software to prevent known vulnerabilities.
        Implement strong session management practices to mitigate session fixation/hijacking risks.
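
The session management practice that addresses this class of flaw is issuing a new session identifier at login. The following is an added example, not IBM's or SonarG's code: it contrasts a login handler that keeps the pre-login identifier with one that rotates it. SessionStore, USERS and all function names are hypothetical, and the account is constructed for the demonstration.

```python
import hmac
import secrets

USERS = {"alice": "correct horse"}  # constructed demo account, not a real credential store

class SessionStore:
    """In-memory map of session id -> session data (hypothetical helper)."""
    def __init__(self):
        self._sessions = {}

    def create(self, data=None):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = data if data is not None else {}
        return sid

    def get(self, sid):
        return self._sessions.get(sid)

    def rotate(self, old_sid):
        # Invalidate the old id and carry its data over to a fresh one.
        return self.create(self._sessions.pop(old_sid, {}))

def credentials_ok(user, password):
    expected = USERS.get(user)
    return expected is not None and hmac.compare_digest(expected.encode(), password.encode())

def login_without_rotation(store, sid, user, password):
    """Flawed pattern: the id issued before login stays valid after it."""
    session = store.get(sid)
    if session is None or not credentials_ok(user, password):
        return None
    session["user"] = user
    return sid

def login_with_rotation(store, sid, user, password):
    """Hardened pattern: successful authentication always yields a new id."""
    if not credentials_ok(user, password):
        return None
    new_sid = store.rotate(sid)
    store.get(new_sid)["user"] = user
    return new_sid

def pre_login_id_authenticated(login):
    """True if the id handed out before login maps to a logged-in session."""
    store = SessionStore()
    pre_login_sid = store.create()
    login(store, pre_login_sid, "alice", "correct horse")
    session = store.get(pre_login_sid)
    return session is not None and "user" in session
```

Calling pre_login_id_authenticated with each handler gives a regression check: the identifier issued before login must not resolve to an authenticated session once login completes.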

Patching and Updates

        Ensure that the Security Guardium Big Data Intelligence software is updated to the latest version containing the fix for this vulnerability.
