IBM Publishing Engine 6.0.6, 6.0.6.1, and 7.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 177354.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: ibm
Published: 2020-07-16T15:05:35.295889Z
Updated: 2024-09-16T22:20:40.889Z
Reserved: 2019-12-30T00:00:00
Link: CVE-2020-4316
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-07-16T15:15:27.987
Modified: 2020-07-22T19:44:41.490
Link: CVE-2020-4316
Redhat
No data.