CVE-2020-4914— IBM Cloud Pak System Software Suite session fixation
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2020-4914
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
IBM Cloud Pak System Software Suite session fixation
Source: NVD (National Vulnerability Database)
Vulnerability Description
IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 191290.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
不充分的会话过期机制
Source: NVD (National Vulnerability Database)
Vulnerability Title
IBM Cloud Pak System 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
IBM Cloud Pak System是美国国际商业机器(IBM)公司的一套具有可配置、预集成软件的全栈、融合基础架构。该产品支持跨混合云部署、管理和移动应用程序环境。 IBM Cloud Pak System Suite 2.3.3.0版本至2.3.3.5版本存在代码问题漏洞,该漏洞源于不会在注销后使会话失效,这可能允许本地用户模拟系统上的另一个用户。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| IBM | Cloud Pak System Software Suite | 2.3.3.0 ~ 2.3.3.5 | - |
II. Public POCs for CVE-2020-4914
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2020-4914
请登录查看更多情报信息。
Vendor Advisories for CVE-2020-4914 (2)
- https://www.ibm.com/support/pages/node/6967181vendor-advisory
Same Patch Batch · IBM · 2023-05-05 · 7 CVEs total
| CVE-2023-30434 | 6.2 MEDIUM | IBM Storage Scale denial of service |
| CVE-2023-26285 | 5.9 MEDIUM | IBM MQ denial of service |
| CVE-2023-22874 | 5.5 MEDIUM | IBM MQ denial of service |
| CVE-2022-43866 | 5.4 MEDIUM | IBM Maximo Asset Management cross-site scripting |
| CVE-2022-43919 | 5.3 MEDIUM | IBM MQ denial of service |
| CVE-2022-38707 | 4.0 MEDIUM | IBM Cognos Command Center information disclosure |
IV. Related Vulnerabilities
Same vendor: IBM
- CVE-2026-1248
IBM Business Automation Workflow information leak - CVE-2026-7876
Authentication bypass vulnerability found in Aspera High-Spe - CVE-2026-7365
IBM Operations Analytics - Log Analysis is affected by Infor - CVE-2024-56462
IBM QRadar SIEM is vulnerable to using components with known - CVE-2024-40684
IBM Operations Analytics - Log Analysis is affected by Weak
Same weakness: CWE-613
- CVE-2026-9802
Keycloak: keycloak: unauthorized account access via replayed - CVE-2026-8670
Insecure session handling on metrics web server - CVE-2026-1815
Session Hijacking in TEİAŞ's Mobile Application - CVE-2026-44553
Open WebUI: Stale Admin Role in Socket.IO Session Pool Enabl - CVE-2026-22706
Strapi: Password Reset Does Not Revoke Existing Refresh Sess
V. Comments for CVE-2020-4914
No comments yet