CVE-2020-4780

4.3MEDIUM

Key Information:

Vendor: IBM
Status: Curam Spm
Vendor: CVE Published:; 12 October 2020

Summary

OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Curam Social Program Management 7.0.9 and 7.0,10. The purpose of the 'secure' attribute is to prevent cookies from being observed by unauthorized parties. IBM X-Force ID: 189158.

Affected Version(s)

Curam SPM 7.0.9

Curam SPM 7.0.10

References

https://www.ibm.com/support/pages/node/6346581

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/189158

vdb-entryx_refsource_XF

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 12, 2020
Vulnerability Reserved
Dec 30, 2019