Lucene search

IbmCVELIST:CVE-2020-4146

HistoryNov 12, 2021 - 3:20 p.m.

CVE-2020-4146

2021-11-1215:20:20

ibm

www.cve.org

ibm

security

siteprotector

remote

information disclosure

vulnerability

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C

EPSS

0.001

Percentile

41.6%

JSON

IBM Security SiteProtector System 3.1.1 could allow a remote attacker to obtain sensitive information, caused by missing ‘HttpOnly’ flag. A remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 174129.

CNA Affected

[
  {
    "product": "Security SiteProtector System",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "3.1.1"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/174129

www.ibm.com/support/pages/node/6515056

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C

EPSS

0.001

Percentile

41.6%

JSON

Related for CVELIST:CVE-2020-4146