IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could allow an unauthorized user with physical access to the work station to obtain sensitive information.Referenceshttp://www.securityfocus.com/bid/95327http://www.securitytracker.com/id/1037765http://www.ibm.com/support/docview.wss?uid=swg21996761
