CVE-2020-4914

Severity: 5.5 MEDIUM
EPSS: 0.0% (top 97.07%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 5

Description

IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 191290.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Exploitability: 0.8 | Impact: 3.4

Affected Packages (2 packages)

CVEListV5 | ibm/cloud_pak_system_software_suite | 2.3.3.0 | 2.3.3.5
NVD | ibm/cloud_pak_system | 2.3.3.0 | 2.3.3.6

Patches

Vulnerability Details (2)

CVEList | IBM Cloud Pak System Software Suite session fixation | 2023-05-05
GHSA | GHSA-5vcx-9483-28vf: IBM Cloud Pak System Suite 2 | 2023-05-05
CVE-2020-4914 (MEDIUM CVSS 5.5) | IBM Cloud Pak System Suite 2.3.3.0 | cvebase.io