CVE-2021-20473

Name of the Vulnerable Software and Affected Versions: IBM Sterling File Gateway User Interface versions 2.2.0.0 through 6.1.1.0

Description: The issue arises because the system does not invalidate the session after a user logs out, potentially allowing an authenticated user to impersonate another user on the system.

Recommendations: For versions 2.2.0.0 through 6.1.1.0, consider implementing a custom session invalidation mechanism after user logout as a temporary workaround until a patch is available. Restrict access to sensitive features that could be exploited by an impersonated user to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.