We were able to identify the JSESSIONID value did not change before and after authentication.
UIM 20.3.3 no hot fixes
Change the JSESSIONID value right after successful authentication, and also ensure that session id’s timeout after certain durations of inactivity.
Release : 20.3
Component : UIM - SECURITY VULNERABILITIES