Lucene search
IBM784AE5D05EC6FFD56692EEDE875E288027AC13C878C92604ADB3138D1500ACB6HistoryJun 04, 2020 - 1:27 p.m.
Security Bulletin: Session is not invalidated After Logout
2020-06-0413:27:50
www.ibm.com
12
EPSS
0.001
Percentile
34.3%
Summary
IBM Worklight/MobileFoundation has addressed the following vulnerability.The application does not invalidate the validation cookie when the user logs out from the application
Vulnerability Details
CVEID:CVE-2020-4229
**DESCRIPTION:**IBM Worklight does not properly invalidate session cookies when a user logs out of a session, which could allow another user to gain unauthorized access to a userβs session.
CVSS Base score: 5.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/175211 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM MobileFirst Foundation | 8.0.0.0 |
Remediation/Fixes
| Product | VRMF | Remediation/First Fix |
|---|---|---|
| IBM MobileFirst Platform Foundation | 8.0.0.0 | Download the iFix from IBM MobileFirst Platform Foundation on FixCentral |
Workarounds and Mitigations
None
Related
nvd
nvd
CVE-2020-4229
2020-06-05 17:15:11
prion
prion
Code injection
2020-06-05 17:15:00
cvelist
cvelist
CVE-2020-4229
2020-06-05 12:55:17
cve
cve
CVE-2020-4229
2020-06-05 17:15:11
EPSS
0.001
Percentile
34.3%
Related for 784AE5D05EC6FFD56692EEDE875E288027AC13C878C92604ADB3138D1500ACB6