Session Management Flaw in IBM Worklight/MobileFoundation
CVE-2020-4229

5.6MEDIUM

Key Information:

Vendor: IBM
Status: Mobilefirst Platform Foundation
Vendor: CVE Published:; 5 June 2020

What is CVE-2020-4229?

IBM Worklight/MobileFoundation version 8.0.0.0 contains a session management vulnerability that fails to adequately invalidate user session cookies upon logout. This oversight could permit unauthorized users to access an active session, escalating the risk of sensitive data exposure and user impersonation. For further insights, please refer to IBM's security advisory and X-Force ID report.

Affected Version(s)

MobileFirst Platform Foundation 8.0.0.0

References

https://www.ibm.com/support/pages/node/6220230

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/175211

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 5, 2020
Vulnerability Reserved
Dec 30, 2019