Session Cookie Security Issue in IBM Curam Social Program Management
CVE-2020-4780

4.3 MEDIUM

Key Information:

Vendor: IBM
Status: Vendor
CVE Published: 12 October 2020

Summary

A vulnerability exists in IBM Curam Social Program Management where the Out-of-the-Box (OOTB) build scripts fail to set the 'secure' attribute on session cookies. Without that attribute a browser will also send the session cookie over plain HTTP, so it can be observed on a non-secure channel by anyone positioned to read the traffic. The session cookie, and with it the user's session, is therefore exposed; setting the secure attribute so the cookie is only ever sent over HTTPS is the expected configuration for session cookies in web applications.
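To make the misconfiguration concrete, the following is an added example (not IBM's or Curam's code) that parses Set-Cookie headers, flags session cookies that lack the Secure attribute, and shows the hardened header. The cookie names treated as session cookies and the sample headers are constructed assumptions for the demonstration.

```python
"""Audit Set-Cookie headers for a missing Secure attribute and show the fix.

Added example for CVE-2020-4780; not IBM's or Curam's code. The headers
and the list of session-cookie names below are constructed for the demo.
"""
from typing import Dict, List, Union

# Constructed samples: the first resembles the advisory's misconfiguration
# (session cookie without Secure); the second is the hardened form; the third
# is a non-session cookie that the audit ignores.
SAMPLE_SET_COOKIE_HEADERS = [
    "JSESSIONID=constructed1234; Path=/Curam; HttpOnly",
    "JSESSIONID=constructed5678; Path=/Curam; Secure; HttpOnly",
    "theme=dark; Path=/; Max-Age=31536000",
]

# Assumption: names that usually carry a server-side session identifier.
SESSION_COOKIE_NAMES = {"jsessionid", "sessionid", "phpsessid"}


def parse_set_cookie(header: str) -> Dict[str, Union[str, Dict[str, Union[str, bool]]]]:
    """Split one Set-Cookie header into name, value and a lower-cased attribute map.

    Flag attributes such as Secure/HttpOnly map to True; valued attributes
    such as Path map to their string value.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, Union[str, bool]] = {}
    for attr in parts[1:]:
        if not attr:
            continue
        key, _, val = attr.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def is_session_cookie(name: str) -> bool:
    """Heuristic: treat well-known session identifier names as session cookies."""
    return name.lower() in SESSION_COOKIE_NAMES


def audit(headers: List[str]) -> List[str]:
    """Return one finding per session cookie that is missing the Secure attribute."""
    findings = []
    for header in headers:
        cookie = parse_set_cookie(header)
        if not is_session_cookie(cookie["name"]):
            continue
        if "secure" not in cookie["attrs"]:
            findings.append(f"{cookie['name']}: missing Secure attribute")
    return findings


def harden(header: str) -> str:
    """Append '; Secure' when absent; leave an already-secure header untouched."""
    if "secure" in parse_set_cookie(header)["attrs"]:
        return header
    return header.rstrip("; ") + "; Secure"


if __name__ == "__main__":
    for finding in audit(SAMPLE_SET_COOKIE_HEADERS):
        print("FINDING:", finding)
    print("HARDENED:", harden(SAMPLE_SET_COOKIE_HEADERS[0]))
```

The audit only reports session cookies because, as the advisory notes, it is the session identifier whose exposure over a non-secure channel matters; a preference cookie such as `theme` is deliberately skipped. In a Servlet 3.0 or later container the same property is normally set declaratively, via `<session-config><cookie-config><secure>true</secure></cookie-config></session-config>` in web.xml, which is general servlet knowledge rather than anything stated in this advisory.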

Affected Version(s)

Curam SPM 7.0.9

Curam SPM 7.0.10

References

CVSS V3.1

Score: 4.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
