Medium Severity

Security Bulletin: IBM Cloud Pak for Security (CP4S) vulnerable to session handling issue (CVE-2020-4696)


IBM Cloud Pak for Security (CP4S) does not invalidate the session immediately after logout, which could allow an authenticated user to obtain sensitive information from the previous session if an attacker secured access to a valid token. This has now been addressed.

Affected product(s) and affected version(s):

| Affected Product(s) | Version(s) |
|---|---|
| Cloud Pak for Security (CP4S) | 1.3.0.1 |

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6372528
