PT-2020-17932 · Ibm · Ibm Security Identity Governance/Intelligence

Published

2020-05-28

Updated

2021-07-21

CVE-2020-4233

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM Security Identity Governance and Intelligence version 5.2.6

Description The issue is caused by the failure to set the secure flag for the session cookie in SSL mode, allowing a remote attacker to obtain sensitive information. An attacker could exploit this by intercepting the cookie's transmission within an HTTP session and capturing it to gain access to sensitive information.

Recommendations For IBM Security Identity Governance and Intelligence version 5.2.6, consider setting the secure flag for the session cookie in SSL mode to prevent interception and exploitation. As a temporary workaround, restrict access to sensitive information until the issue is fully resolved.

Fix

Missing Encryption of Sensitive Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-311

Related Identifiers

CVE-2020-4233

Affected Products

Ibm Security Identity Governance/Intelligence

PT-2020-17932 · Ibm · Ibm Security Identity Governance/Intelligence

CVE-2020-4233

Weakness Enumeration

Related Identifiers

Affected Products

References · 5