IBM Cloud Private - Session not invalidated on logout (CVE-2019-4439)
CVEID: CVE-2019-4439 DESCRIPTION: IBM Cloud private does not invalidate session after logout which could allow a local user to impersonate another user on the system.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/162949> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
IBM Cloud Private 3.1.0, 3.1.1, 3.1.2
Product defect fixes and security updates are only available for the two most recent Continuous Delivery (CD) update packages
For IBM Cloud Private 3.1.2, apply patch:
For IBM Cloud Private 3.1.1, apply patch:
For IBM Cloud Private, 3.1.0:
None