PT-2021-12257 · Ibm · Ibm Security Identity Governance/Intelligence

Chris Shepherd

Published

2021-01-21

Updated

2021-01-28

CVE-2020-4966

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM Security Identity Governance and Intelligence version 5.2.6

Description The issue concerns the failure to set the secure attribute on authorization tokens or session cookies. Attackers can exploit this by sending a http:// link to a user or by planting this link in a site the user visits, allowing them to obtain the cookie value by snooping the traffic.

Recommendations For IBM Security Identity Governance and Intelligence version 5.2.6, consider setting the secure attribute on authorization tokens or session cookies to prevent them from being sent over insecure links. As a temporary workaround, restrict access to sensitive resources that rely on these cookies until a proper fix is applied.

Fix

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

CVE-2020-4966

Affected Products

Ibm Security Identity Governance/Intelligence

PT-2021-12257 · Ibm · Ibm Security Identity Governance/Intelligence

CVE-2020-4966

Weakness Enumeration

Related Identifiers

Affected Products

References · 6