Session Cookie Vulnerability in IBM Security Identity Governance and Intelligence
CVE-2020-4966

4.3 MEDIUM

Key Information:

Vendor: IBM
CVE Published: 21 January 2021

Summary

IBM Security Identity Governance and Intelligence version 5.2.6 contains an information disclosure vulnerability: the Secure attribute is not set on authorization tokens or session cookies. An attacker can trick a user into clicking a malicious link; if the user follows it, the browser sends the cookies over an insecure channel, where the attacker can capture their values by intercepting the traffic. It is essential for users and administrators to implement security measures to safeguard against such vulnerabilities.
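
One way to check for this condition from the defender's side is to audit the Set-Cookie response headers an application emits. The following is an added example, not code from IBM or from this advisory; the cookie names and header values are constructed samples. It parses attributes rather than searching for the substring "secure", which would be fooled by a cookie named "secure" or a Path of "/secure".

```python
# Added example: flag cookies that are issued without the Secure attribute.
# All header values below are constructed samples, not captured from the product.


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attrs).

    Attribute names are matched case-insensitively, as RFC 6265 requires.
    """
    parts = header_value.split(";")
    name, _, value = parts[0].strip().partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.strip().partition("=")
        if key:
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def cookies_missing_secure(set_cookie_headers):
    """Return the names of cookies whose attribute list lacks Secure."""
    missing = []
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        if name and "secure" not in attrs:
            missing.append(name)
    return missing


# Constructed Set-Cookie values, one per response header line.
SAMPLE_HEADERS = [
    "SESSIONID=abc123; Path=/; HttpOnly",            # no Secure
    "authToken=eyJhbGciOi; Path=/secure; HttpOnly",  # "secure" only in Path
    "secure=1; Path=/",                              # "secure" only as cookie name
    "sessionToken=xyz789; Path=/; SECURE; HttpOnly", # Secure, upper case
    "prefs=dark; Path=/; Secure; SameSite=Lax",      # Secure present
]

if __name__ == "__main__":
    for cookie_name in cookies_missing_secure(SAMPLE_HEADERS):
        print(f"cookie {cookie_name!r} is set without the Secure attribute")
```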

Affected Version(s)

Security Identity Governance and Intelligence 5.2.6

CVSS V3.1

Score: 4.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
