PT-2020-18113 · Ibm · Ibm Planning Analytics

Published 2020-07-20 · Updated 2020-07-22 · CVE-2020-4527

CVSS v3.1: 5.9 Medium

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

IBM Planning Analytics version 2.0

Description

The issue is caused by the failure to set the Secure flag for the session cookie in TLS mode, allowing a remote attacker to obtain sensitive information. An attacker could capture the cookie by intercepting its transmission within an HTTP session, thereby obtaining sensitive information.

Recommendations

For IBM Planning Analytics version 2.0, set the Secure flag for the session cookie in TLS mode to prevent sensitive information from being captured by an attacker.

Fix

Session Fixation

Weakness Enumeration

Related Identifiers

CVE-2020-4527

Affected Products

Ibm Planning Analytics