Information Disclosure Vulnerability in IBM Security SiteProtector
CVE-2020-4146
4 MEDIUM
What is CVE-2020-4146?
IBM Security SiteProtector System 3.1.1 is vulnerable because it does not set the 'HttpOnly' flag on cookies. Without this protection, a remote attacker can exploit the vulnerability to access sensitive information stored in cookies, exposing users to data theft and unauthorized access. Organizations using this product should implement the necessary security measures to mitigate the risk associated with this vulnerability.
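The following check is an added example, not part of the advisory or of IBM's code: it reads HTTP response header lines and reports every cookie that is set without the HttpOnly attribute. The header lines and cookie names are constructed samples, and the function names are hypothetical.

```python
# Added example: audit Set-Cookie headers for the HttpOnly attribute.
# The header lines below are constructed samples, not SiteProtector output.

SAMPLE_HEADERS = [
    "Set-Cookie: JSESSIONID=A1B2C3; Path=/; Secure",
    "Set-Cookie: prefs=theme=httponly-dark; Path=/",
    "Set-Cookie: SID=xyz; Path=/; Secure; HttpOnly",
    "set-cookie: token=abc; path=/; HTTPONLY; SameSite=Strict",
    "Content-Type: text/html",
]


def parse_set_cookie(line):
    """Return (cookie_name, set_of_lowercased_attribute_names) or None."""
    name, sep, value = line.partition(":")
    # Header names are case-insensitive; skip anything that is not Set-Cookie.
    if not sep or name.strip().lower() != "set-cookie":
        return None
    parts = [p.strip() for p in value.split(";")]
    cookie_name = parts[0].partition("=")[0].strip()
    if not cookie_name:
        return None
    # Attributes follow the first ';'. Only attribute names are compared,
    # so the text "httponly" inside a cookie value does not count.
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return cookie_name, attrs


def cookies_missing_httponly(header_lines):
    """Names of cookies whose Set-Cookie header lacks the HttpOnly attribute."""
    missing = []
    for line in header_lines:
        parsed = parse_set_cookie(line)
        if parsed and "httponly" not in parsed[1]:
            missing.append(parsed[0])
    return missing


if __name__ == "__main__":
    for cookie in cookies_missing_httponly(SAMPLE_HEADERS):
        print(f"cookie {cookie!r} is set without HttpOnly")
```
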
Affected Version(s)
Security SiteProtector System 3.1.1