CVE-2020-26515

Name of the Vulnerable Software and Affected Versions: Intland codeBeamer ALM versions 10.x through 10.1.SP4

Description: An issue with insufficiently protected credentials was found. The CB LOGIN remember-me cookie contains encrypted user credentials, but due to a bug, these credentials are encrypted using a NULL encryption key.

Recommendations: For versions 10.x through 10.1.SP4, consider disabling the use of the remember-me cookie feature until a patch is available. Restrict access to sensitive areas of the application to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.