Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM2EA6FA5F35144E13964E73292624D3399D051A67E1E7E884B040A11E4CE28EF6
HistorySep 18, 2020 - 10:15 p.m.

Security Bulletin: IBM Business Automation Content Analyzer is affected by Insecure Cookie vulnerability

2020-09-1822:15:48
www.ibm.com
11
ibm business automation
content analyzer
vulnerability
insecure cookie
authorization tokens
session cookies
cvss
cloud
fix
software

EPSS

0.001

Percentile

32.5%

JSON

Summary

IBM Business Automation Content Analyzer has addressed the following vulnerability

Vulnerability Details

CVEID:CVE-2020-4315
**DESCRIPTION:**IBM Business Automation Content Analyzer does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/177234 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
Business Automation Content Analyzer on Cloud 1.0

Remediation/Fixes

The vulnerability is fixed in IBM Business Automation Content Analyzer version 1.2

Workarounds and Mitigations

None

Related

nvd 1
prion 1
cve 1
cvelist 1
nvd
nvd
CVE-2020-4315
2020-09-21 15:15:12
prion
prion
Authorization
2020-09-21 15:15:00
cve
cve
CVE-2020-4315
2020-09-21 15:15:12
cvelist
cvelist
CVE-2020-4315
2020-09-21 14:55:23

EPSS

0.001

Percentile

32.5%

JSON
Related for 2EA6FA5F35144E13964E73292624D3399D051A67E1E7E884B040A11E4CE28EF6
nvd1prion1cve1cvelist1