CVE-2020-4555

Summary

IBM Financial Transaction Manager 3.0.6 and 3.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 183328.

Affected Software

VendorProductVersion RangeStatus
IBMFinancial Transaction Manager3.0.2affected
IBMFinancial Transaction Manager2.1.1affected
IBMFinancial Transaction Manager3.1.0affected
IBMFinancial Transaction Manager3.0.5affected
IBMFinancial Transaction Manager3.0.6affected
IBMFinancial Transaction Manager3.0.0affected
IBMFinancial Transaction Manager3.2.2affected
IBMFinancial Transaction Manager3.2.3affected
IBMFinancial Transaction Manager3.2.4affected

Weaknesses

  • Gain Privileges

ADP Enrichment

CVE Program Container

Additional References

References