High Severity Vulnerability
This vulnerability has been rated as High severity. Immediate action is recommended.
CVE-2020-4253
CVSS Score: 8.8 (High)
Vulnerability Description
IBM Content Navigator 3.0CD does not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 175559.
CVSS Metrics
Common Vulnerability Scoring System
Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Attack Vector: N
- Attack Complexity: L
- Privileges Required: L
- User Interaction: N
- Scope: U
- Confidentiality: H
- Integrity: H
- Availability: H
Known Affected Software
1 configuration(s) from 1 vendor(s)
content_navigator
- Version: 3.0.0
- CPE: cpe:2.3:a:ibm:content_navigator:3.0.0:*:*:*:continuous_delivery:*:*:*
This vulnerability affects 1 software configuration(s). Ensure you patch all affected systems.
References & Resources
- https://exchange.xforce.ibmcloud.com/vulnerabilities/175559 (source: psirt@us.ibm.com; VDB Entry, Vendor Advisory)
- https://www.ibm.com/support/pages/node/6116020 (source: psirt@us.ibm.com; Patch, Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/175559 (source: af854a3a-2127-422b-91ae-364da2661108; VDB Entry, Vendor Advisory)
- https://www.ibm.com/support/pages/node/6116020 (source: af854a3a-2127-422b-91ae-364da2661108; Patch, Vendor Advisory)
Severity Details
8.8 out of 10.0 (High)
Weakness Type (CWE)
CWE-613: Insufficient Session Expiration
- Description: According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."
- Typical Severity: Medium
- Abstraction Level: Base
Key Information
- Published Date: March 24, 2020
