CVE-2020-4291Session Fixation in IBM Security Information Queue

CWE-384Session Fixation3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 64.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Security Information Queue
Timeline
PublishedApr 8
Latest updateMay 24

Description

IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could disclose sensitive information to an unauthorized user due to insufficient timeout functionality in the Web UI. IBM X-Force ID: 176334.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5ibm/security_information_queue6 versions+5

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-x88q-cqfj-5v26: IBM Security Information Queue (ISIQ) 12022-05-24
CVEList
CVE-2020-4291: IBM Security Information Queue (ISIQ) 12020-04-08
CVE-2020-4291 — Session Fixation in IBM | cvebase