Session Management Flaw in IBM Financial Transaction Manager
CVE-2020-4555

6.3MEDIUM

Key Information:

Vendor
IBM
Status
Financial Transaction Manager
Vendor
CVE Published:
21 December 2020

Summary

IBM Financial Transaction Manager versions 3.0.6 and 3.1.0 contain a weakness in session management, where sessions are not properly invalidated after logout. This flaw allows an authenticated user to potentially impersonate another user, leading to unauthorized access and actions within the application. Organizations using these versions should address this issue to ensure proper session handling and mitigate risks of user impersonation.

Affected Version(s)

Financial Transaction Manager 3.0.2

Financial Transaction Manager 2.1.1

Financial Transaction Manager 3.1.0

References

https://www.ibm.com/support/pages/node/6388702
x_refsource_CONFIRM
https://www.ibm.com/support/pages/node/6388744
x_refsource_CONFIRM
https://www.ibm.com/support/pages/node/6388708
x_refsource_CONFIRM

CVSS V3.1

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.