Session Management Flaw in IBM Worklight/MobileFoundation
CVE-2020-4229

5.6 MEDIUM

Key Information:

Vendor: IBM
CVE Published: 5 June 2020

Summary

IBM Worklight/MobileFoundation version 8.0.0.0 contains a session management vulnerability: it does not adequately invalidate user session cookies upon logout. This could permit unauthorized users to access an active session, increasing the risk of sensitive data exposure and user impersonation. For further details, refer to IBM's security advisory and the X-Force ID report.

Affected Version(s)

MobileFirst Platform Foundation 8.0.0.0

References

CVSS V3.1

Score: 5.6
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
