Session Management Flaw in IBM Security Identity Governance and Intelligence
CVE-2020-4995
4MEDIUM
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 9 February 2021
Summary
A session management vulnerability exists in IBM Security Identity Governance and Intelligence version 5.2.6, allowing users to maintain access without proper session invalidation post-logout. This flaw could enable an attacker to potentially access sensitive information from another user's session, compromising user privacy and data security. Organizations should consider applying updates promptly to mitigate unauthorized access risks.
Affected Version(s)
Security Identity Governance and Intelligence 5.2.6
References
CVSS V3.1
Score:
4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved