How severe is CVE-2020-4555?

Medium severity. CVSS v3 base score is 6.3 out of 10.

Vulnerability in Ibm Financial Transaction Manager

CVE-2020-4555

IBM Financial Transaction Manager 3.0.6 and 3.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 183328.

EPSS: 0.003 (49.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.0/S:U/UI:N/AV:N/PR:L/AC:L/I:L/C:L/A:L/E:U/RL:O/RC:C.

Affected products

Ibm Financial Transaction Manager — versions 3.0.2, 2.1.1, 3.1.0

References

www.ibm.com/support/pages/node/6388702 (x_refsource_CONFIRM)
www.ibm.com/support/pages/node/6388744 (x_refsource_CONFIRM)
www.ibm.com/support/pages/node/6388708 (x_refsource_CONFIRM)
www.ibm.com/support/pages/node/6388706 (x_refsource_CONFIRM)
www.ibm.com/support/pages/node/6388704 (x_refsource_CONFIRM)
www.ibm.com/support/pages/node/6388722 (x_refsource_CONFIRM)
ibm-ftm-cve20204555-session-fixation (183328) (vdb-entry, x_refsource_XF)

Frequently asked questions

What is CVE-2020-4555?: CVE-2020-4555 is a medium-severity vulnerability in Ibm Financial Transaction Manager. CVSS score: 6.3/10. Published 2020-12-21.
How severe is CVE-2020-4555?: Medium severity. CVSS v3 base score is 6.3 out of 10.