Security Bulletin: IBM Cloud Pak for Security (CP4S) vulnerable to session handling issue (CVE-2020-4696)
Nov 25, 2020 7:00 pm EST
Categorized: Medium Severity
IBM Cloud Pak for Security (CP4S) does not invalidate the session immediately after logout, which could allow an authenticated user to obtain sensitive information from the previous session if an attacker secured access to a valid token. This has now been addressed.
Affected product(s) and affected version(s):
| Affected Product(s) | Version(s) |
| --- | --- |
| Cloud Pak for Security (CP4S) | 1.3.0.1 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6372528