Описание
IBM Financial Transaction Manager 3.0.6 and 3.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 183328.
IBM Financial Transaction Manager 3.0.6 and 3.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 183328.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2020-4555
- https://exchange.xforce.ibmcloud.com/vulnerabilities/183328
- https://www.ibm.com/support/pages/node/6388702
- https://www.ibm.com/support/pages/node/6388704
- https://www.ibm.com/support/pages/node/6388706
- https://www.ibm.com/support/pages/node/6388708
- https://www.ibm.com/support/pages/node/6388722
- https://www.ibm.com/support/pages/node/6388744
Связанные уязвимости
CVSS3: 5.4
nvd
около 5 лет назад
IBM Financial Transaction Manager 3.0.6 and 3.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 183328.