What is the severity of CVE-2021-20431?

The CVE-2021-20431 vulnerability is classified as a medium severity issue due to its potential to expose sensitive information.

How do I fix CVE-2021-20431?

To remediate CVE-2021-20431, ensure that you update IBM i2 Analyst's Notebook Premium to the latest version where session invalidation after logout is properly implemented.

Which versions of IBM i2 Analyst's Notebook Premium are affected by CVE-2021-20431?

CVE-2021-20431 affects IBM i2 Analyst's Notebook Premium versions 9.2.0, 9.2.1, and 9.2.2.

Is my data at risk with CVE-2021-20431?

Yes, CVE-2021-20431 poses a risk as it allows attackers to potentially access sensitive information from a session that has not been properly invalidated after logout.

What is the nature of the vulnerability described in CVE-2021-20431?

CVE-2021-20431 is a session management vulnerability that fails to invalidate a user's session after logout, leading to potential information leakage.

Vulnerability/
CVE-2021-20431

medium

6.5

CWE

613

21/7/2021

23/7/2021

3/8/2024

CVE-2021-20431

First published: Wed Jul 21 2021(Updated: )

IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 does not invalidate session after logout which could allow an an attacker to obtain sensitive information from the system. IBM X-Force ID: 196342.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM i2 Analyst's Notebook Premium	<=IBM i2 Analyst's Notebook Premium 9.2.0
IBM i2 Analyst's Notebook Premium	<=All
IBM i2 Analyst's Notebook Premium	<=IBM i2 Analyst's Notebook Premium 9.2.2
IBM i2 Analyst's Notebook Premium	<=IBM i2 Analyst's Notebook Premium 9.2.1
IBM i2 Analyst's Notebook	=9.2.0
IBM i2 Analyst's Notebook	=9.2.1
IBM i2 Analyst's Notebook	=9.2.2
Linux Kernel
Microsoft Windows

Remedy

https://www.ibm.com/support/pages/node/6474865

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6474865

Frequently Asked Questions

What is the severity of CVE-2021-20431?
The CVE-2021-20431 vulnerability is classified as a medium severity issue due to its potential to expose sensitive information.
How do I fix CVE-2021-20431?
To remediate CVE-2021-20431, ensure that you update IBM i2 Analyst's Notebook Premium to the latest version where session invalidation after logout is properly implemented.
Which versions of IBM i2 Analyst's Notebook Premium are affected by CVE-2021-20431?
CVE-2021-20431 affects IBM i2 Analyst's Notebook Premium versions 9.2.0, 9.2.1, and 9.2.2.
Is my data at risk with CVE-2021-20431?
Yes, CVE-2021-20431 poses a risk as it allows attackers to potentially access sensitive information from a session that has not been properly invalidated after logout.
What is the nature of the vulnerability described in CVE-2021-20431?
CVE-2021-20431 is a session management vulnerability that fails to invalidate a user's session after logout, leading to potential information leakage.

agent/references
agent/type
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/weakness
agent/remedy
agent/author
agent/last-modified-date
agent/severity
agent/description
collector/ibm-support
source/IBM
agent/software-canonical-lookup
agent/event
agent/trending
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ibm
canonical/ibm i2 analyst's notebook premium
version/ibm i2 analyst's notebook premium/ibm i2 analyst's notebook premium 9.2.0
version/ibm i2 analyst's notebook premium/all
version/ibm i2 analyst's notebook premium/ibm i2 analyst's notebook premium 9.2.2
version/ibm i2 analyst's notebook premium/ibm i2 analyst's notebook premium 9.2.1
canonical/ibm i2 analyst's notebook
version/ibm i2 analyst's notebook/9.2.0
version/ibm i2 analyst's notebook/9.2.1
version/ibm i2 analyst's notebook/9.2.2
vendor/linux
canonical/linux kernel
vendor/microsoft
canonical/microsoft windows