CVE-2020-4173

Name of the Vulnerable Software and Affected Versions IBM Guardium Activity Insights versions 10.6 through 11.0

Description The issue allows attackers to obtain cookie values by sending a http link to a user or by planting this link in a site the user visits. The cookie will be sent to the insecure link, and the attacker can then obtain the cookie value by snooping the traffic. This is possible because the secure attribute is not set on authorization tokens or session cookies.

Recommendations For versions 10.6 and 11.0, set the secure attribute on authorization tokens or session cookies to prevent attackers from obtaining cookie values. At the moment, there is no information about a newer version that contains a fix for this vulnerability.