Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMA5B365510C1DAAE5DA5D397D021EEEB98D089A1E225C47E29673DCA63F66E9F8
HistoryNov 25, 2020 - 8:59 a.m.

Security Bulletin: CP4S 1.3.0.1 fails to use HTTPOnly flag (CVE-2020-4625)

2020-11-2508:59:59
www.ibm.com
7

0.001 Low

EPSS

Percentile

42.1%

JSON

Summary

IBM Cloud Pak for Security (CP4S) could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie.

Vulnerability Details

CVEID:CVE-2020-4625
**DESCRIPTION:**IBM Cloud Pak for Security (CP4S) could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/185360 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
Cloud Pak for Security (CP4S) 1.3.0.1

Remediation/Fixes

Upgrade to IBM Cloud Pak for Security v 1.4.0.0 by following the instructions in <https://www.ibm.com/support/knowledgecenter/en/SSTDPP_1.4.0/platform/docs/security-pak/upgrading.html&gt;

Workarounds and Mitigations

None

Related

prion 1
nvd 1
cvelist 1
cve 1
prion
prion
Information disclosure
2020-11-30 16:15:00
nvd
nvd
CVE-2020-4625
2020-11-30 16:15:12
cvelist
cvelist
CVE-2020-4625
2020-11-25 00:00:00
cve
cve
CVE-2020-4625
2020-11-30 16:15:12

0.001 Low

EPSS

Percentile

42.1%

JSON
Related for A5B365510C1DAAE5DA5D397D021EEEB98D089A1E225C47E29673DCA63F66E9F8
prion1nvd1cvelist1cve1