2 matches found
CVE-2020-4284
IBM Security Information Queue (ISIQ) versions 1.0.0–1.0.5 are affected by CVE-2020-4284 due to insufficient session timeout in the Web UI, enabling potential disclosure of sensitive information to unauthorized users. The IBM security bulletin notes that as of ISIQ v1.0.6, sessions are automatica...
Security Bulletin: IBM Security Information Queue has insufficient session expiration (CVE-2020-4284)
Summary IBM Security Information Queue ISIQ does not have a mechanism for terminating idle UI sessions. This leaves an unattended ISIQ session vulnerable to being compromised. As of v1.0.6, ISIQ automatically terminates a session that has been idle for 60 minutes. The timeout value is configurabl...