CVE-2020-4780
4.3
CVSS:3.0/PR:N/AV:N/A:N/I:N/AC:L/S:U/UI:R/C:L/RC:C/RL:O/E:U
Summary
OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Curam Social Program Management 7.0.9 and 7.0,10. The purpose of the 'secure' attribute is to prevent cookies from being observed by unauthorized parties. IBM X-Force ID: 189158.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | Curam SPM | 7.0.9 | affected |
| IBM | Curam SPM | 7.0.10 | affected |
Weaknesses
- Obtain Information
ADP Enrichment
CVE Program Container
Additional References
- https://www.ibm.com/support/pages/node/6346581
- https://exchange.xforce.ibmcloud.com/vulnerabilities/189158
References
- https://www.ibm.com/support/pages/node/6346581
- https://exchange.xforce.ibmcloud.com/vulnerabilities/189158
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.