Session Management Flaw in IBM Financial Transaction Manager
CVE-2020-4555
6.3MEDIUM
Summary
IBM Financial Transaction Manager versions 3.0.6 and 3.1.0 contain a weakness in session management, where sessions are not properly invalidated after logout. This flaw allows an authenticated user to potentially impersonate another user, leading to unauthorized access and actions within the application. Organizations using these versions should address this issue to ensure proper session handling and mitigate risks of user impersonation.
Affected Version(s)
Financial Transaction Manager 3.0.2
Financial Transaction Manager 2.1.1
Financial Transaction Manager 3.1.0
References
CVSS V3.1
Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved