IBM Security Identity Manager has addressed the following vulnerability due to allowing a privileged local user to perform unauthorized actions
CVEID:CVE-2020-4538
**DESCRIPTION:**IBM Security Identity Manager could allow a privileged local user to perform unauthorized actions due to reuse of another users JSESSIONID.
CVSS Base score: 6.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/182913 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
ISIM | 6.0.0 |
Affected Product / Version | Fix availability |
---|---|
IBM Security Identity Manager 6.0.0 | 6.0.0-ISS-SIM-FP0023 |
None