CVE-2020-4173

Published: Jul 9, 2020Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

IBM Guardium Activity Insights 10.6 and 11.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 174682.

Affected (3)

Products: Ibm: Security Guardium Insights, Infosphere Guardium Activity Monitor

2 products

Security Guardium Insights

Infosphere Guardium Activity Monitor

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ibm Security Guardium Insights	Version 2.0.0

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ibm Infosphere Guardium Activity Monitor	Version 10.6
Ibm Infosphere Guardium Activity Monitor	Version 11.0

Running on/with	Platform Versions
Linux Linux Kernel	All versions

References (4)

https://exchange.xforce.ibmcloud.com/vulnerabilities/174682

Source: psirt@us.ibm.com

VDB EntryVendor Advisory

https://www.ibm.com/support/pages/node/6244924

Source: psirt@us.ibm.com

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/174682

Source: af854a3a-2127-422b-91ae-364da2661108

VDB EntryVendor Advisory

https://www.ibm.com/support/pages/node/6244924

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.