Security Bulletin: Vulnerability Identified in Cloud Pak System [CVE-2020-4914]
Description

## Summary

A session invalidation vulnerability was identified in the IBM Cloud Pak System UI and REST API at logout. IBM Cloud Pak System has addressed the vulnerability. [CVE-2020-4914]

## Vulnerability Details

**CVEID:** CVE-2020-4914
**DESCRIPTION:** IBM Cloud Pak System does not invalidate the session after logout, which could allow a local user to impersonate another user on the system.
CVSS Base score: 4.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/191290 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L)
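A minimal model of the flaw class described above, with a logout that leaves the server-side session valid beside one that invalidates it. This is an added example, not IBM's code; the `SessionStore` class, its handler names and the username are assumptions made for illustration.

```python
import secrets


class SessionStore:
    """Toy server-side session table: session id -> username (hypothetical)."""

    def __init__(self):
        self._sessions = {}

    def login(self, username):
        # Unpredictable id, as sent back in a UI cookie or REST auth header.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = username
        return sid

    def whoami(self, sid):
        """Return the user bound to sid, or None if the server rejects it."""
        return self._sessions.get(sid)

    def logout_client_only(self, sid):
        """Flawed logout: asks the client to drop its cookie, but the
        server-side record survives, so the old id keeps working."""
        return {"Set-Cookie": "session=; Max-Age=0"}

    def logout_invalidate(self, sid):
        """Hardened logout: delete the server-side record, then expire
        the cookie. Any retained copy of the id is now useless."""
        self._sessions.pop(sid, None)
        return {"Set-Cookie": "session=; Max-Age=0"}


def user_accepted_after_logout(logout_handler_name):
    """Regression check: log in, log out with the named handler, then
    present the old session id again. Returns the user the server still
    accepts the id for; None means the session was properly invalidated."""
    store = SessionStore()
    sid = store.login("admin")  # constructed sample user
    getattr(store, logout_handler_name)(sid)
    return store.whoami(sid)


if __name__ == "__main__":
    for name in ("logout_client_only", "logout_invalidate"):
        print(f"{name}: accepted as {user_accepted_after_logout(name)!r}")
```

The same check, pointed at a real deployment's login, logout and authenticated endpoints, is a useful post-upgrade test that the fix is in effect.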

## Affected Products and Versions

**Affected Product(s)**| **Version(s)**
---|---
IBM Cloud Pak System Software Suite| 2.3.3.0 – 2.3.3.5
IBM Cloud Pak System| 2.3

For earlier and unsupported versions of the products, IBM recommends upgrading to a fixed, supported version of the product.

## Remediation/Fixes

The recommended solution is to apply the fix reported below as soon as practical.

In response to this vulnerability, IBM released Cloud Pak System v2.3.3.6 on Intel; v2.3.3.7 on Power has a targeted availability of 2Q2023.

For IBM Cloud Pak System v2.3.0.1, v2.3.1.0, v2.3.3.0, v2.3.3.1, v2.3.3.2, v2.3.3.3, v2.3.3.3 Interim Fix1, v2.3.3.4, v2.3.3.5, upgrade to Cloud Pak System v2.3.3.6, available at FixCentral.

Information on upgrading at :

## Workarounds and Mitigations

None
