CVE-2020-4555

CWE-3843 documents3 sources
Severity
5.4MEDIUM
EPSS
0.3%
top 50.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Financial Transaction Manager
Timeline
PublishedDec 21
Latest updateMay 24

Description

IBM Financial Transaction Manager 3.0.6 and 3.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 183328.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

CVEListV5ibm/financial_transaction_manager9 versions+8

Patches

Patch: www.ibm.comPatch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-32xw-6g8c-rxjj: IBM Financial Transaction Manager 32022-05-24
CVEList
CVE-2020-4555: IBM Financial Transaction Manager 32020-12-21
CVE-2020-4555 (MEDIUM CVSS 5.4) | IBM Financial Transaction Manager 3 | cvebase.io