Security Flaw in IBM Guardium Activity Insights Products
CVE-2020-4173

3.1 LOW

Key Information:

Vendor: IBM
CVE Published: 9 July 2020

Summary

IBM Guardium Activity Insights versions 10.6 and 11.0 do not set the Secure attribute on authorization tokens and session cookies, so a browser will also send them over unencrypted HTTP. An attacker who tricks a user into following an unsecured (http://) link, embedded in a message or planted on a malicious site, can capture the cookie values transmitted over the insecure connection. This poses significant risks, as the compromised cookies can lead to unauthorized access to user sessions and sensitive data.

Affected Version(s)

InfoSphere Guardium Activity Monitor 10.6

InfoSphere Guardium Activity Monitor 11.0

CVSS V3.1

Score: 3.1
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
