CVE-2020-4696 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2020-4696

CWE

https://cwe.mitre.org/data/definitions/613.html

IBM Cloud Pak for Security 1.3.0.1(CP4S) does not invalidate session after logout which could allow an authenticated user to obtain sensitive information from the previous session. IBM X-Force ID: 186789.

Weakness

According to WASC, “Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.”

Affected Software

Name	Vendor	Start Version	End Version
Cloud_pak_for_security	Ibm	1.3.0.1 (including)	1.3.0.1 (including)

Potential Mitigations

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/186789
https://www.ibm.com/support/pages/node/6372528
https://exchange.xforce.ibmcloud.com/vulnerabilities/186789
https://www.ibm.com/support/pages/node/6372528