Main Vulnerability Database SB2020080519

SB2020080519 - Session Fixation in IBM Security Identity Governance and Intelligence (IGI)

Published: August 5, 2020 Updated: August 8, 2020

Security Bulletin ID SB2020080519

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Session Fixation (CVE-ID: CVE-2020-4243)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

IBM Security Identity Governance and Intelligence 5.2.6 Virtual Appliance could allow a remote attacker to obtain sensitive information using man in the middle techniques due to not properly invalidating session tokens. IBM X-Force ID: 175420.

Remediation

Install update from vendor's website.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/175420
https://www.ibm.com/support/pages/node/6255972