Security Bulletin: IBM Security Information Queue has insufficient session expiration (CVE-2020-4284)

IBM Security Information Queue (ISIQ) does not have a mechanism for terminating idle UI sessions. This leaves an unattended ISIQ session vulnerable to being compromised. As of v1.0.6, ISIQ automatically terminates a session that has been idle for 60 minutes. The timeout value is configurable.

Affected product(s) and affected version(s):

Affected Product(s)	Version(s)
IBM Security Information Queue (ISIQ)	1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6172551

The post Security Bulletin: IBM Security Information Queue has insufficient session expiration (CVE-2020-4284) appeared first on IBM PSIRT Blog.

from IBM Product Security Incident Response Team https://ift.tt/2RhZjDS