Session Management Flaw in IBM Security Access Manager Appliance
CVE-2020-4395

6.3MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
14 October 2020

Summary

IBM Security Access Manager Appliance version 9.0.7 suffers from a session management vulnerability where the system fails to invalidate user sessions upon logout. This flaw may allow an authenticated user to continue to access the account of another user, potentially leading to unauthorized actions and data exposure. Organizations using this appliance should review their session handling practices and apply the necessary updates to mitigate potential risks.

Affected Version(s)

Security Access Manager Appliance 9.0.7

References

CVSS V3.1

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.