IBM Security Access Manager Appliance 9.0.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 179358.Referenceshttps://www.ibm.com/support/pages/node/6347592https://exchange.xforce.ibmcloud.com/vulnerabilities/179358
