CVE-2020-4749 – IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorizatio …

Vuln ID: CVE-2020-4749

Published:  2020-10-20  15:15:13Z

Description: IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 188518.

Source: NVD.NIST.GOV

 


Date:

Categorie(s):

Tag(s):