CVE-2020-4253

CWE-613 — Insufficient Session Expiration3 documents3 sources

Severity

8.8HIGH

EPSS

0.2%

top 54.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Content Navigator

Timeline

PublishedMar 24

Latest updateMay 24

Description

IBM Content Navigator 3.0CD does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 175559.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5ibm/content_navigator3.0CD

▶NVDibm/content_navigator3.0.0

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-8mx2-gx23-v8q6: IBM Content Navigator 3↗2022-05-24

▶

CVEList

CVE-2020-4253: IBM Content Navigator 3↗2020-03-24

▶