Session Management Flaw in IBM Security Identity Governance and Intelligence
CVE-2020-4995

4MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
9 February 2021

Summary

A session management vulnerability exists in IBM Security Identity Governance and Intelligence version 5.2.6, allowing users to maintain access without proper session invalidation post-logout. This flaw could enable an attacker to potentially access sensitive information from another user's session, compromising user privacy and data security. Organizations should consider applying updates promptly to mitigate unauthorized access risks.

Affected Version(s)

Security Identity Governance and Intelligence 5.2.6

References

CVSS V3.1

Score:
4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.