CVE-2020-4316

Опубликовано: 16 июл. 2020

Источник: nvd

CVSS3: 4.3

CVSS3: 4.7

CVSS2: 4.3

EPSS Низкий

Описание

IBM Publishing Engine 6.0.6, 6.0.6.1, and 7.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 177354.

Ссылки

https://exchange.xforce.ibmcloud.com/vulnerabilities/177354
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/6249131
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/177354
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/6249131
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:6.0.6:-:*:*:*:*:*:*

cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:6.0.6.1:-:*:*:*:*:*:*

cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0:-:*:*:*:*:*:*

EPSS

Процентиль: 39%

0.00172

Низкий

4.3 Medium

CVSS3

4.7 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-7hpv-rcx2-vjx9

CVSS3: 4.7

github

больше 3 лет назад

EPSS

Процентиль: 39%

0.00172

Низкий

4.3 Medium

CVSS3

4.7 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

NVD-CWE-Other