What is the severity of CVE-2020-4696?

CVE-2020-4696 is rated as a medium severity vulnerability due to its potential to expose sensitive user information.

How do I fix CVE-2020-4696?

To fix CVE-2020-4696, upgrade to IBM Cloud Pak for Security version 1.3.1 or later, which addresses the session invalidation issue.

What are the potential impacts of CVE-2020-4696?

The potential impact of CVE-2020-4696 includes unauthorized access to sensitive information from a previous session if a user does not fully log out.

Who is affected by CVE-2020-4696?

CVE-2020-4696 affects users of IBM Cloud Pak for Security version 1.3.0.1 and earlier.

Is there a workaround for CVE-2020-4696?

A temporary workaround for CVE-2020-4696 is to ensure users manually clear their session data before logging out.

Vulnerability/
CVE-2020-4696

medium

5.3

CWE

613

5/11/2020

30/11/2020

16/9/2024

CVE-2020-4696

First published: Thu Nov 05 2020(Updated: )

IBM Cloud Pak for Security (CP4S) does not invalidate session after logout which could allow an authenticated user to obtain sensitive information from the previous session.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
	=1.3.0.1
IBM Cloud Pak for Security (CP4S)	<=1.3.0.1

Remedy

https://www.ibm.com/support/pages/node/6372528

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6372528

Frequently Asked Questions

What is the severity of CVE-2020-4696?
CVE-2020-4696 is rated as a medium severity vulnerability due to its potential to expose sensitive user information.
How do I fix CVE-2020-4696?
To fix CVE-2020-4696, upgrade to IBM Cloud Pak for Security version 1.3.1 or later, which addresses the session invalidation issue.
What are the potential impacts of CVE-2020-4696?
The potential impact of CVE-2020-4696 includes unauthorized access to sensitive information from a previous session if a user does not fully log out.
Who is affected by CVE-2020-4696?
CVE-2020-4696 affects users of IBM Cloud Pak for Security version 1.3.0.1 and earlier.
Is there a workaround for CVE-2020-4696?
A temporary workaround for CVE-2020-4696 is to ensure users manually clear their session data before logging out.

collector/nvd-index
agent/references
agent/type
agent/first-publish-date
agent/softwarecombine
agent/weakness
agent/author
agent/severity
agent/remedy
agent/description
collector/ibm-support
source/IBM
agent/software-canonical-lookup
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/trending
agent/tags
agent/source
vendor/ibm
canonical/ibm cloud pak for security (cp4s)
version/ibm cloud pak for security (cp4s)/1.3.0.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2020-4696?
CVE-2020-4696 is rated as a medium severity vulnerability due to its potential to expose sensitive user information.
How do I fix CVE-2020-4696?
To fix CVE-2020-4696, upgrade to IBM Cloud Pak for Security version 1.3.1 or later, which addresses the session invalidation issue.
What are the potential impacts of CVE-2020-4696?
The potential impact of CVE-2020-4696 includes unauthorized access to sensitive information from a previous session if a user does not fully log out.
Who is affected by CVE-2020-4696?
CVE-2020-4696 affects users of IBM Cloud Pak for Security version 1.3.0.1 and earlier.
Is there a workaround for CVE-2020-4696?
A temporary workaround for CVE-2020-4696 is to ensure users manually clear their session data before logging out.