5 matches found
IBM Security Guardium Insights Cookie Hijacking Vulnerability
IBM Security Guardium Insights is a modern hybrid multi-cloud data security hub from IBM USA. A cookie hijacking vulnerability exists in IBM Guardium Activity Insights 10.6 and 11.0. The vulnerability stems from IBM Guardium Activity Insights not setting the security properties of authorization...
CVE-2020-4173
IBM Guardium Activity Insights 10.6 and 11.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecur...
Authorization
IBM Guardium Activity Insights 10.6 and 11.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecur...
CVE-2020-4173
IBM Guardium Activity Insights 10.6 and 11.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecur...
CVE-2020-4173
CVE-2020-4173 affects IBM Guardium Activity Insights 10.6 and 11.0. The issue is that authorization tokens and session cookies are missing the secure attribute, allowing cookie values to be captured if a user visits an http link or a site containing one. Impact is exposure of cookies via network ...