Session Cookie Vulnerability in IBM Security Identity Governance and Intelligence
CVE-2020-4966
4.3 MEDIUM
Key Information:
- Vendor: IBM
- CVE Published: 21 January 2021
Summary
IBM Security Identity Governance and Intelligence version 5.2.6 contains an information disclosure vulnerability: the Secure attribute is not set on authorization tokens or session cookies. An attacker may be able to capture cookie values by tricking a user into clicking a malicious link. If the user follows the link, the cookie can be sent over an insecure channel, where the attacker can obtain it by intercepting the traffic. Users and administrators should implement security measures to safeguard against this vulnerability.
Affected Version(s)
Security Identity Governance and Intelligence 5.2.6
CVSS V3.1
- Score: 4.3
- Severity: MEDIUM
- Confidentiality: Low
- Integrity: None
- Availability: Low
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved