IBM Cloud Pak for Security (CP4S) does not invalidate the session immediately after logout, which could allow an authenticated user to obtain sensitive information from the previous session if an attacker secured access to a valid token. This has now been addressed.
CVEID: CVE-2020-4696
**DESCRIPTION:** IBM Cloud Pak for Security (CP4S) does not invalidate the session after logout, which could allow an authenticated user to obtain sensitive information from the previous session.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/186789 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
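The class of flaw described above, shown as an added illustration; this is not IBM's code and makes no claim about how CP4S stores sessions. The `SessionStore` class and its method names are hypothetical: one logout only clears the client's cookie, the other also revokes the server-side record, and `token_survives_logout` is the check a regression test would assert on.

```python
import secrets
import time


class SessionStore:
    """Hypothetical server-side session table: token -> (user, expiry)."""

    def __init__(self, ttl_seconds=3600):
        self.ttl = ttl_seconds
        self._sessions = {}

    def login(self, user):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, time.monotonic() + self.ttl)
        return token

    def authenticate(self, token):
        entry = self._sessions.get(token)
        if entry is None or time.monotonic() >= entry[1]:
            self._sessions.pop(token, None)  # drop unknown or expired entries
            return None
        return entry[0]

    def logout_weak(self, client_cookies):
        # Weak: only the client forgets the token. The server record stays
        # valid until its TTL expires, so any copy of the token still works.
        client_cookies.pop("session", None)

    def logout_hardened(self, client_cookies):
        # Hardened: revoke the server-side record as part of logout, so the
        # token is rejected immediately regardless of who holds a copy.
        token = client_cookies.pop("session", None)
        if token is not None:
            self._sessions.pop(token, None)


def token_survives_logout(logout_name):
    """Return True if a token is still accepted after the named logout runs."""
    store = SessionStore()
    cookies = {"session": store.login("analyst")}  # constructed sample user
    held_copy = cookies["session"]  # a valid token retained before logout
    getattr(store, logout_name)(cookies)
    return store.authenticate(held_copy) is not None


if __name__ == "__main__":
    print("weak logout, token still valid:", token_survives_logout("logout_weak"))
    print("hardened logout, token still valid:", token_survives_logout("logout_hardened"))
```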
Affected Product(s) | Version(s) |
---|---|
Cloud Pak for Security (CP4S) | 1.3.0.1 |
Upgrade to IBM Cloud Pak for Security v1.4.0.0 by following the instructions in <https://www.ibm.com/support/knowledgecenter/en/SSTDPP_1.4.0/platform/docs/security-pak/upgrading.html>.
None