Lucene search
IBM3220B52EA3A38559FBFC72650492FF85D47D737823B6459B7F1BE8C5B10E5CBFHistoryOct 13, 2020 - 3:28 p.m.
Security Bulletin: Security Vulnerabilities have been fixed in IBM Security Access Manager
2020-10-1315:28:50
www.ibm.com
6
0.001 Low
EPSS
Percentile
19.6%
Summary
Fixes for security vulnerabilities are available for the IBM Security Access Manager product.
Vulnerability Details
CVEID:CVE-2020-4395
**DESCRIPTION:**IBM Security Access Manager does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/179358 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| ISAM | 9.0 |
Remediation/Fixes
Fix Central
| Product Name | Fixed in VRMF | Fix availability |
|---|---|---|
| IBM Security Access Manager | 9.0.7.2 | fix pack: 9.0.7-ISS-ISAM-FP0002 |
Docker
Log into docker.com and then execute the corresponding command for the release
ISAM 9.0.7.2 - docker pull ibmcom/isam:9.0.7.2
AWS Marketplace
| Product | First Fix availability |
|---|---|
| ISAM | IBM Security Access Manager v9 |
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm security access manager appliance | eq | 9.0.7 |
Related
cve
cve
CVE-2020-4395
2020-10-14 17:15:13
prion
prion
Code injection
2020-10-14 17:15:00
nvd
nvd
CVE-2020-4395
2020-10-14 17:15:13
cvelist
cvelist
CVE-2020-4395
2020-10-13 00:00:00
0.001 Low
EPSS
Percentile
19.6%
Related for 3220B52EA3A38559FBFC72650492FF85D47D737823B6459B7F1BE8C5B10E5CBF