CVE-2020-4284 | Vulnerability Database | Aqua Security

IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could disclose sensitive information to an unauthorized user due to insufficient timeout functionality in the Web UI. IBM X-Force ID: 176207.

Weakness

According to WASC, “Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.”

Affected Software

Name	Vendor	Start Version	End Version
Security_information_queue	Ibm	1.0.0 (including)	1.0.0 (including)
Security_information_queue	Ibm	1.0.1 (including)	1.0.1 (including)
Security_information_queue	Ibm	1.0.2 (including)	1.0.2 (including)
Security_information_queue	Ibm	1.0.3 (including)	1.0.3 (including)
Security_information_queue	Ibm	1.0.4 (including)	1.0.4 (including)
Security_information_queue	Ibm	1.0.5 (including)	1.0.5 (including)

Potential Mitigations

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/176207
https://www.ibm.com/support/pages/node/6172551
https://exchange.xforce.ibmcloud.com/vulnerabilities/176207
https://www.ibm.com/support/pages/node/6172551

NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-4284
CWE	https://cwe.mitre.org/data/definitions/613.html