Session Cookie Security Issue in IBM Curam Social Program Management
CVE-2020-4780
4.3 MEDIUM
Summary
A vulnerability exists in IBM Curam Social Program Management where the Out-of-the-Box (OOTB) build scripts fail to set the 'secure' attribute on session cookies. Because of this misconfiguration, session cookies can be transmitted over non-secure channels, where they may be observed by unauthorized parties. Sensitive user information may be at risk as a result, so the secure attribute should be configured on session cookies.
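One way to check a deployment for the condition described in the summary, as an added example that is not IBM's code or part of the original advisory: it parses Set-Cookie response headers and reports session cookies issued without the Secure attribute. The cookie name JSESSIONID (the Java servlet default), the /Curam path and the sample headers are assumptions constructed for illustration.

```python
# Added example: audit Set-Cookie headers for session cookies lacking Secure.
# Assumption: the session cookie is named JSESSIONID; adjust per deployment.
SESSION_COOKIE_NAMES = {"JSESSIONID"}

# Constructed sample response headers (not captured from a real system).
SAMPLE_RESPONSE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "JSESSIONID=0000abc123:-1; Path=/Curam; HttpOnly"),
    ("Set-Cookie", "JSESSIONID=0000def456:-1; Path=/Curam; Secure; HttpOnly"),
    # "secure" appears only in the value and the path, not as an attribute.
    ("set-cookie", "JSESSIONID=secure; Path=/secure"),
    ("Set-Cookie", "theme=dark; Path=/"),
]


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive; flags such as Secure have no value.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def insecure_session_cookies(headers, names=SESSION_COOKIE_NAMES):
    """Return (cookie name, raw header) for session cookies set without Secure."""
    wanted = {n.lower() for n in names}
    findings = []
    for field, value in headers:
        if field.lower() != "set-cookie":
            continue
        name, _, attrs = parse_set_cookie(value)
        # Check the parsed attribute list, not a substring of the header,
        # so a value or path containing "secure" is not mistaken for the flag.
        if name.lower() in wanted and "secure" not in attrs:
            findings.append((name, value))
    return findings


if __name__ == "__main__":
    for name, raw in insecure_session_cookies(SAMPLE_RESPONSE_HEADERS):
        print(f"session cookie {name} set without Secure: {raw}")
```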
Affected Version(s)
Curam SPM 7.0.9
Curam SPM 7.0.10
CVSS V3.1
Score: 4.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved