Security Flaw in IBM Guardium Activity Insights Products
CVE-2020-4173
3.1 LOW
Summary
IBM Guardium Activity Insights versions 10.6 and 11.0 do not set the Secure attribute on authorization tokens and session cookies, so the browser will send those cookies over unencrypted HTTP as well as over HTTPS. This allows attackers to potentially intercept cookie values: by tricking a user into clicking an unsecured link, embedded in a message or placed on a malicious site, an attacker can capture the cookie data transmitted over the insecure connection. This poses significant risks, as the compromised cookies can lead to unauthorized access to user sessions and sensitive data.
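A check for the condition described above, as an added example that is not IBM's code or part of the original advisory: it audits Set-Cookie header values for a missing Secure attribute and shows the corrected header. The cookie names and header values are constructed samples, not values taken from Guardium.

```python
# Added example: audit Set-Cookie headers for a missing Secure attribute.
# All cookie names and values below are constructed for illustration.

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (cookie name, attribute dict)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, _value = parts[0].partition("=")   # first pair is name=value
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name.strip(), attrs


def cookies_missing_secure(set_cookie_headers):
    """Return the names of cookies whose header lacks the Secure attribute."""
    findings = []
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if name and "secure" not in attrs:
            findings.append(name)
    return findings


def harden(header):
    """Return the header with Secure appended if it was absent."""
    _, attrs = parse_set_cookie(header)
    return header if "secure" in attrs else header.rstrip("; ") + "; Secure"


# Constructed sample response headers.
SAMPLE_HEADERS = [
    "SESSIONID=3f9a1c; Path=/; HttpOnly",                       # flagged
    "authToken=eyJhbGciOi; Path=/api; HttpOnly; SameSite=Lax",  # flagged
    "lang=en; Path=/; secure",                                  # ok, lower-case attribute
    "mode=secure; Path=/",                                      # flagged: "secure" is only the value
    "csrf=77ab; Path=/; Secure; SameSite=Strict",               # ok
]

if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        name, attrs = parse_set_cookie(h)
        if "secure" not in attrs:
            print(f"{name}: missing Secure -> {harden(h)}")
```
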
Affected Version(s)
InfoSphere Guardium Activity Monitor 10.6
InfoSphere Guardium Activity Monitor 11.0
CVSS V3.1
Score: 3.1
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved