PT-2020-10992 · Ibm · Ibm Cloud Automation Manager

Published

2020-02-05

Updated

2020-08-24

CVE-2019-4616

CVSS v3.1

3.5

Low

Vector

AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM Cloud Automation Manager version 3.2.1.0

Description The issue allows attackers to obtain cookie values by sending an http link to a user or planting this link in a site the user visits. When the user clicks on the link, the cookie will be sent to the insecure link, and the attacker can then obtain the cookie value by snooping the traffic.

Recommendations For IBM Cloud Automation Manager version 3.2.1.0, consider setting the secure attribute on authorization tokens or session cookies to prevent them from being sent over insecure connections. As a temporary workaround, restrict access to sensitive resources that use these cookies to minimize the risk of exploitation.

Fix

Missing Encryption of Sensitive Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-311

Related Identifiers

CVE-2019-4616

Affected Products

Ibm Cloud Automation Manager

PT-2020-10992 · Ibm · Ibm Cloud Automation Manager

CVE-2019-4616

Weakness Enumeration

Related Identifiers

Affected Products

References · 4