Session Cookie Vulnerability in IBM Publishing Engine
CVE-2020-4316
4.3 MEDIUM
Summary
IBM Publishing Engine versions 6.0.6, 6.0.6.1, and 7.0 do not set the Secure attribute on authorization tokens or session cookies. An attacker could harvest cookie values by tricking a user into clicking a malicious link, or by embedding the link within a compromised site. The browser could then transmit the cookies over an insecure connection, where they are vulnerable to interception in transit, which could lead to unauthorized access or data exfiltration.
Affected Version(s)
Rational Publishing Engine 6.0.6
Rational Publishing Engine 6.0.6.1
Rational Publishing Engine 7.0
References
CVSS V3.1
Score: 4.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved