PT-2020-17995 · Ibm · Ibm Business Automation Content Analyzer On Cloud
Published
2020-09-21
·
Updated
2020-10-01
·
CVE-2020-4315
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Business Automation Content Analyzer on Cloud version 1.0
Description
The issue allows attackers to obtain cookie values by sending an http link to a user or planting this link in a site the user visits. When the user clicks on the link, the cookie will be sent to the insecure link, and the attacker can then obtain the cookie value by snooping the traffic.
Recommendations
For IBM Business Automation Content Analyzer on Cloud version 1.0, consider setting the secure attribute on authorization tokens or session cookies to prevent them from being sent over insecure links. As a temporary workaround, restrict access to sensitive information and avoid using http links to minimize the risk of exploitation.
Fix
Insecure Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Business Automation Content Analyzer On Cloud