Trusteer Pinpoint has addressed the issue.
CVEID:CVE-2020-4708
**DESCRIPTION:**IBM Trusteer Pinpoint could disclose some information due to using a wildcard in the Access-Control-Allow-Origin header.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/187371 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
Trusteer Pinpoint | 11.6.5 and earlier |
Trusteer Pinpoint version 11.6.5.2 introduced a setting which ensures server responses to Cross Origin Resource Sharing requests only include values from a allowlist of allowed domains in the Access-Control-Allow-Origin header. Customers may contact Trusteer service in order to have this setting applied to their installation.
None