CVE-2017-1270

low

Published 2017-12-20 · Modified 2026-05-13

CVSS v3

3.3

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v2

2.1

VIR risk

3.3

Description

IBM Security Guardium 10.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 124745.

Predictions

Exploit likelihood

34%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@us.ibm.com — http://www.ibm.com/support/docview.wss?uid=swg22010439

Application impact

Vendor	Product	Versions
ibm	security_guardium	`10.0`
ibm	security_guardium	`10.0.1`
ibm	security_guardium	`10.1.0`
ibm	security_guardium	`10.1.2`
ibm	security_guardium	`10.1.3`

References

http://www.ibm.com/support/docview.wss?uid=swg22010439
https://exchange.xforce.ibmcloud.com/vulnerabilities/124745
http://www.ibm.com/support/docview.wss?uid=swg22010439
https://exchange.xforce.ibmcloud.com/vulnerabilities/124745

CWEs

CWE-384

Verify integrity in audit chain (admin only). AS-IS.