Session Cookie Vulnerability in IBM Security Identity Governance and Intelligence
CVE-2020-4966

4.3MEDIUM

Key Information:

Vendor: IBM
Status: Security Identity Governance And Intelligence
Vendor: CVE Published:; 21 January 2021

Summary

IBM Security Identity Governance and Intelligence version 5.2.6 contains an information disclosure vulnerability where the secure attribute is not set on authorization tokens or session cookies. This flaw may allow attackers to capture cookie values by tricking users into clicking malicious links. If users interact with these links, their cookies can be exposed through insecure channels, enabling attackers to exploit this information by intercepting traffic. It is essential for users and administrators to implement security measures to safeguard against such vulnerabilities.

Affected Version(s)

Security Identity Governance and Intelligence 5.2.6

References

https://www.ibm.com/support/pages/node/6403233

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/192423

vdb-entryx_refsource_XF

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 21, 2021
Vulnerability Reserved
Dec 30, 2019