Session Cookie Security Issue in IBM Curam Social Program Management
CVE-2020-4780

4.3MEDIUM

Key Information:

Vendor: IBM
Status: Curam Spm
Vendor: CVE Published:; 12 October 2020

What is CVE-2020-4780?

A vulnerability exists in IBM Curam Social Program Management where the Out-of-the-Box (OOTB) build scripts fail to set the 'secure' attribute on session cookies. This misconfiguration allows the session cookies to be transmitted over non-secure channels, potentially exposing them to unauthorized access and observation by malicious actors. As a result, sensitive user information may be at risk, emphasizing the importance of configuring secure attributes to protect session cookies in web applications.

Affected Version(s)

Curam SPM 7.0.9

Curam SPM 7.0.10

References

https://www.ibm.com/support/pages/node/6346581

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/189158

vdb-entryx_refsource_XF

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 12, 2020
Vulnerability Reserved
Dec 30, 2019