2 matches found
CVE-2020-4696
CVE-2020-4696 affects IBM Cloud Pak for Security (CP4S) version 1.3.0.1. The root cause is that the session is not invalidated after logout, which could allow an authenticated user to obtain sensitive information from the previous session. Affected software: CP4S 1.3.0.1. Impact described in sour...
Security Bulletin: IBM Cloud Pak for Security (CP4S) vulnerable to session handling issue (CVE-2020-4696)
Summary IBM Cloud Pak for Security CP4S does not invalidate session immediately after logout which could allow an authenticated user to obtain sensitive information from the previous session if an attacker secured access to a valid token. This has now been addressed. Vulnerability Details CVEID:...