Nov 25, 2020 7:00 pm EST
Categorized: Medium Severity
IBM Cloud Pak for Security (CP4S) does not invalidate the session immediately after logout, which could allow an authenticated user to obtain sensitive information from the previous session if an attacker secured access to a valid token. This has now been addressed.
Affected product(s) and affected version(s):
Cloud Pak for Security (CP4S)
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6372528