Sep 15, 2020 - 5:05 p.m.

Security Bulletin: Trusteer Pinpoint affected by security vulnerability CVE-2020-4708

2020-09-15 17:05:14
www.ibm.com

EPSS: 0.001 (Percentile: 27.9%)

Summary

Trusteer Pinpoint has addressed the issue.

Vulnerability Details

**CVEID:** CVE-2020-4708
**DESCRIPTION:** IBM Trusteer Pinpoint could disclose some information due to using a wildcard in the Access-Control-Allow-Origin header.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/187371 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| Trusteer Pinpoint | 11.6.5 and earlier |

Remediation/Fixes

Trusteer Pinpoint version 11.6.5.2 introduced a setting that ensures server responses to Cross-Origin Resource Sharing (CORS) requests include only values from an allowlist of allowed domains in the Access-Control-Allow-Origin header. Customers may contact Trusteer service to have this setting applied to their installation.
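The difference between the wildcard header and an allowlisted one can be shown with a short added example. It is not IBM's code or the Trusteer setting itself; the function names and the `example.com` origins are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist; placeholder domains, not Trusteer settings.
ALLOWED_ORIGINS = {"https://app.example.com", "https://portal.example.com:8443"}
DEFAULT_PORTS = {"http": 80, "https": 443}


def normalize_origin(origin):
    """Return scheme://host[:port] in canonical form, or None if malformed."""
    if not origin or origin == "null":
        return None
    try:
        parts = urlsplit(origin)
        port = parts.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError:
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    # An Origin header carries no userinfo, path, query or fragment.
    if "@" in parts.netloc or parts.path or parts.query or parts.fragment:
        return None
    host = parts.hostname.lower()
    if port is None or port == DEFAULT_PORTS[parts.scheme]:
        return f"{parts.scheme}://{host}"
    return f"{parts.scheme}://{host}:{port}"


ALLOWED = {normalize_origin(o) for o in ALLOWED_ORIGINS}


def cors_headers_wildcard(request_origin):
    """The weak setting: any origin may read the response."""
    return {"Access-Control-Allow-Origin": "*"}


def cors_headers_allowlist(request_origin, allowed=ALLOWED):
    """Echo the origin only on an exact allowlist match; always set Vary."""
    headers = {"Vary": "Origin"}  # keeps caches from reusing one origin's response
    origin = normalize_origin(request_origin)
    if origin is not None and origin in allowed:
        headers["Access-Control-Allow-Origin"] = origin
    return headers
```

Matching is exact on the normalized origin, so a host that merely starts with or ends with an allowed name gets no Access-Control-Allow-Origin header.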

Workarounds and Mitigations

None
