CVE-2020-4780

OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Curam Social Program Management 7.0.9 and 7.0,10. The purpose of the 'secure' attribute is to prevent cookies from being observed by unauthorized parties. IBM X-Force ID: 189158.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
ibmCNA
4.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/PR:N/AV:N/A:N/I:N/AC:L/S:U/UI:R/C:L/RC:C/RL:O/E:U
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 32%
VendorProductVersion
ibmcuram_social_program_management
7.0.9.0
ibmcuram_social_program_management
7.0.10.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/189158
https://www.ibm.com/support/pages/node/6346581
https://exchange.xforce.ibmcloud.com/vulnerabilities/189158
https://www.ibm.com/support/pages/node/6346581