CVE-2020-4749

CVSS v3 Score: 4.3 (Medium)
CVSS v2 Score: 4.3 (Medium)

Vulnerability Description

IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 188518.

CVSS:4.3(Medium)

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link ...

CVSS:4.3(Medium)

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a ht...

CVSS:3.7(Low)

IBM Security Secret Server 10.7 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techn...

CVSS:3.7(Low)

IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// li...

CVSS:5.3(Medium)

IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information caused by the improper setting of a cookie. IBM X-Force ID: 160951.

CVSS:5.3(Medium)

IBM Security Verify Information Queue 10.0.2 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. IBM X-Force ID: 230811.