Session Fixation Vulnerability in IBM Spectrum Protect Plus
CVE-2020-5021

4 MEDIUM

Key Information:

Vendor: IBM
CVE Published: 8 January 2021

Summary

IBM Spectrum Protect Plus versions 10.1.0 through 10.1.6 contain a session management flaw: existing user sessions are not invalidated after a password reset, so a session established before the reset remains valid afterwards. This may allow a local user to impersonate other users on the system, potentially leading to unauthorized access and data exposure. Sessions must be revoked when credentials change so that a reset actually ends any session that was issued under the old password.
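The following is an added illustration of the session-management pattern the summary describes, written for this page; it is not IBM's code and says nothing about how Spectrum Protect Plus is implemented. It models a minimal in-memory session store with two password-reset routines: one that only replaces the password hash (leaving earlier sessions valid, the failure mode above) and one that also revokes every session belonging to that user. All names (`SessionStore`, `reset_password_vulnerable`, `reset_password_fixed`) are hypothetical.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


@dataclass
class SessionStore:
    """Toy server-side state: password hashes plus the sessions issued from them."""
    # username -> (salt, pbkdf2 hash); constructed in memory for the example
    passwords: Dict[str, Tuple[bytes, bytes]] = field(default_factory=dict)
    # session id -> username
    sessions: Dict[str, str] = field(default_factory=dict)

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def set_password(self, user: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.passwords[user] = (salt, self._hash(password, salt))

    def login(self, user: str, password: str) -> Optional[str]:
        """Return a fresh session id on success, None on failure."""
        record = self.passwords.get(user)
        if record is None:
            return None
        salt, stored = record
        if not hmac.compare_digest(stored, self._hash(password, salt)):
            return None
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = user
        return sid

    def who_is(self, sid: str) -> Optional[str]:
        """Resolve a session id to its user, or None if the session is not valid."""
        return self.sessions.get(sid)

    def reset_password_vulnerable(self, user: str, new_password: str) -> None:
        # Only the credential changes; every session issued before the reset
        # keeps working. This is the behaviour the advisory describes.
        self.set_password(user, new_password)

    def reset_password_fixed(self, user: str, new_password: str,
                             keep_sid: Optional[str] = None) -> int:
        """Change the password and revoke the user's sessions.

        keep_sid optionally preserves the session that performed the reset
        (a common UX choice); all other sessions for the user are dropped.
        Returns the number of sessions revoked.
        """
        self.set_password(user, new_password)
        stale = [sid for sid, owner in self.sessions.items()
                 if owner == user and sid != keep_sid]
        for sid in stale:
            del self.sessions[sid]
        return len(stale)


def demo() -> Tuple[bool, bool]:
    """Show the difference: (stale session valid after vulnerable reset,
    stale session valid after fixed reset)."""
    store = SessionStore()
    store.set_password("alice", "old-password")
    sid = store.login("alice", "old-password")
    store.reset_password_vulnerable("alice", "second-password")
    still_valid_after_vulnerable = store.who_is(sid) == "alice"
    store.reset_password_fixed("alice", "third-password")
    still_valid_after_fixed = store.who_is(sid) == "alice"
    return still_valid_after_vulnerable, still_valid_after_fixed


if __name__ == "__main__":
    print(demo())  # expected: (True, False)
```

In a real deployment the same rule applies to whatever backs the session table (database rows, a cache, signed tokens): a password reset must either delete the user's session records or bump a per-user version that every token is checked against, so a session issued under the old credential cannot outlive it.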

Affected Version(s)

Spectrum Protect Plus 10.1.0

Spectrum Protect Plus 10.1.6

References

CVSS V3.1

Score: 4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
