Session Management Flaw in IBM Security Access Manager Appliance
CVE-2020-4395
6.3MEDIUM
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 14 October 2020
Summary
IBM Security Access Manager Appliance version 9.0.7 suffers from a session management vulnerability where the system fails to invalidate user sessions upon logout. This flaw may allow an authenticated user to continue to access the account of another user, potentially leading to unauthorized actions and data exposure. Organizations using this appliance should review their session handling practices and apply the necessary updates to mitigate potential risks.
Affected Version(s)
Security Access Manager Appliance 9.0.7
References
CVSS V3.1
Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved