CVE-2020-4749

Name of the Vulnerable Software and Affected Versions IBM Spectrum Scale versions 5.0.0 through 5.0.5.2

Description The issue allows attackers to obtain cookie values by sending an http link to a user or planting this link in a site the user visits. When the user clicks the link, the cookie will be sent to the insecure link, and the attacker can then obtain the cookie value by snooping the traffic.

Recommendations For IBM Spectrum Scale versions 5.0.0 through 5.0.5.2, consider disabling the use of http links until a secure method of setting the secure attribute on authorization tokens or session cookies is implemented. Restrict access to sensitive areas of the application to minimize the risk of exploitation. Avoid using insecure links that may expose cookie values to potential attackers. At the moment, there is no information about a newer version that contains a fix for this vulnerability.