Fixes for security vulnerabilities are available for the IBM Security Access Manager product.
**CVEID:** CVE-2020-4395
**DESCRIPTION:** IBM Security Access Manager does not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/179358 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
Affected Product(s) | Version(s) |
---|---|
ISAM | 9.0 |
Fix Central
Product Name | Fixed in VRMF | Fix availability |
---|---|---|
IBM Security Access Manager | 9.0.7.2 | fix pack: 9.0.7-ISS-ISAM-FP0002 |
Docker
Log in to docker.com and then execute the corresponding command for the release:
ISAM 9.0.7.2 - `docker pull ibmcom/isam:9.0.7.2`
AWS Marketplace
Product | First Fix availability |
---|---|
ISAM | IBM Security Access Manager v9 |
None
CPE | Name | Operator | Version |
---|---|---|---|
 | ibm security access manager appliance | eq | 9.0.7 |