2 matches found
CVE-2020-4291
ISIQ (IBM Security Information Queue) 1.0.0–1.0.5 fails to invalidate sessions after logout, enabling potential disclosure of sensitive information due to insufficient timeout functionality in the Web UI. The root cause is improper session termination in ISIQ’s web interface, with CVE-2020-4291 a...
Security Bulletin: IBM Security Information Queue does not invalidate sessions after logout (CVE-2020-4291)
Summary IBM Security Information Queue ISIQ session identifiers are not properly invalidated upon user logout from ISIQ's web UI. This create opportunities for an attacker to hijack a user session token. As of v1.0.6, ISIQ immediately invalidates the session token when a user logs out...