IBM Security AppScan Enterprise before 8.7 does not invalidate the session context upon a logout action, which allows remote attackers to hijack sessions by leveraging an unattended workstation.Referenceshttp://www-01.ibm.com/support/docview.wss?uid=swg21640352https://exchange.xforce.ibmcloud.com/vulnerabilities/84066
