CVE-2016-8638 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2016-8638 Interim 1 4 2025-10-05T02:36:06Z current 2023-10-31T01:16:47Z 2025-10-05T02:36:06Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2016-8638 A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active sessions from other users. It is also called a "SAML2 multi-session vulnerability." The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Liberty Linux 7 SUSE Liberty Linux 7 LTSS ipsilon-1.0.0-13.el7_3 ipsilon-authform-1.0.0-13.el7_3 ipsilon-authgssapi-1.0.0-13.el7_3 ipsilon-authldap-1.0.0-13.el7_3 ipsilon-base-1.0.0-13.el7_3 ipsilon-client-1.0.0-13.el7_3 ipsilon-filesystem-1.0.0-13.el7_3 ipsilon-infosssd-1.0.0-13.el7_3 ipsilon-persona-1.0.0-13.el7_3 ipsilon-saml2-1.0.0-13.el7_3 ipsilon-saml2-base-1.0.0-13.el7_3 ipsilon-tools-ipa-1.0.0-13.el7_3 ipsilon-1.0.0-13.el7_3 as a component of SUSE Liberty Linux 7 ipsilon-authform-1.0.0-13.el7_3 as a component of SUSE Liberty Linux 7 ipsilon-authgssapi-1.0.0-13.el7_3 as a component of SUSE Liberty Linux 7 ipsilon-authldap-1.0.0-13.el7_3 as a component of SUSE Liberty Linux 7 ipsilon-base-1.0.0-13.el7_3 as a component of SUSE Liberty Linux 7 ipsilon-client-1.0.0-13.el7_3 as a component of SUSE Liberty Linux 7 ipsilon-filesystem-1.0.0-13.el7_3 as a component of SUSE Liberty Linux 7 ipsilon-infosssd-1.0.0-13.el7_3 as a component of SUSE Liberty Linux 7 ipsilon-persona-1.0.0-13.el7_3 as a component of SUSE Liberty Linux 7 ipsilon-saml2-1.0.0-13.el7_3 as a component of SUSE Liberty Linux 7 ipsilon-saml2-base-1.0.0-13.el7_3 as a component of SUSE Liberty Linux 7 ipsilon-tools-ipa-1.0.0-13.el7_3 as a component of SUSE Liberty Linux 7 ipsilon-1.0.0-13.el7_3 as a component of SUSE Liberty Linux 7 LTSS ipsilon-authform-1.0.0-13.el7_3 as a component of SUSE Liberty Linux 7 LTSS ipsilon-authgssapi-1.0.0-13.el7_3 as a component of SUSE Liberty Linux 7 LTSS ipsilon-authldap-1.0.0-13.el7_3 as a component of SUSE Liberty Linux 7 LTSS ipsilon-base-1.0.0-13.el7_3 as a component of SUSE Liberty Linux 7 LTSS ipsilon-client-1.0.0-13.el7_3 as a component of SUSE Liberty Linux 7 LTSS ipsilon-filesystem-1.0.0-13.el7_3 as a component of SUSE Liberty Linux 7 LTSS ipsilon-infosssd-1.0.0-13.el7_3 as a component of SUSE Liberty Linux 7 LTSS ipsilon-persona-1.0.0-13.el7_3 as a component of SUSE Liberty Linux 7 LTSS ipsilon-saml2-1.0.0-13.el7_3 as a component of SUSE Liberty Linux 7 LTSS ipsilon-saml2-base-1.0.0-13.el7_3 as a component of SUSE Liberty Linux 7 LTSS ipsilon-tools-ipa-1.0.0-13.el7_3 as a component of SUSE Liberty Linux 7 LTSS A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active sessions from other users. It is also called a "SAML2 multi-session vulnerability." CVE-2016-8638 SUSE Liberty Linux 7:ipsilon-1.0.0-13.el7_3 SUSE Liberty Linux 7:ipsilon-authform-1.0.0-13.el7_3 SUSE Liberty Linux 7:ipsilon-authgssapi-1.0.0-13.el7_3 SUSE Liberty Linux 7:ipsilon-authldap-1.0.0-13.el7_3 SUSE Liberty Linux 7:ipsilon-base-1.0.0-13.el7_3 SUSE Liberty Linux 7:ipsilon-client-1.0.0-13.el7_3 SUSE Liberty Linux 7:ipsilon-filesystem-1.0.0-13.el7_3 SUSE Liberty Linux 7:ipsilon-infosssd-1.0.0-13.el7_3 SUSE Liberty Linux 7:ipsilon-persona-1.0.0-13.el7_3 SUSE Liberty Linux 7:ipsilon-saml2-1.0.0-13.el7_3 SUSE Liberty Linux 7:ipsilon-saml2-base-1.0.0-13.el7_3 SUSE Liberty Linux 7:ipsilon-tools-ipa-1.0.0-13.el7_3 SUSE Liberty Linux 7 LTSS:ipsilon-1.0.0-13.el7_3 SUSE Liberty Linux 7 LTSS:ipsilon-authform-1.0.0-13.el7_3 SUSE Liberty Linux 7 LTSS:ipsilon-authgssapi-1.0.0-13.el7_3 SUSE Liberty Linux 7 LTSS:ipsilon-authldap-1.0.0-13.el7_3 SUSE Liberty Linux 7 LTSS:ipsilon-base-1.0.0-13.el7_3 SUSE Liberty Linux 7 LTSS:ipsilon-client-1.0.0-13.el7_3 SUSE Liberty Linux 7 LTSS:ipsilon-filesystem-1.0.0-13.el7_3 SUSE Liberty Linux 7 LTSS:ipsilon-infosssd-1.0.0-13.el7_3 SUSE Liberty Linux 7 LTSS:ipsilon-persona-1.0.0-13.el7_3 SUSE Liberty Linux 7 LTSS:ipsilon-saml2-1.0.0-13.el7_3 SUSE Liberty Linux 7 LTSS:ipsilon-saml2-base-1.0.0-13.el7_3 SUSE Liberty Linux 7 LTSS:ipsilon-tools-ipa-1.0.0-13.el7_3 critical 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P 9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H