IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user due to session expiration not being enforced.Referenceshttp://www.securityfocus.com/bid/95115https://www.ibm.com/support/docview.wss?uid=swg21996097
