Cognitive Content Analyzer < 2.3 - Unauthorised AJAX call via CSRF

The plugin did not properly check for CSRF in its blobinatoranalyze AJAX action, allowing attacker to make a logged in administrator call the blobinatorprocesstext method with arbitrary parameters and update the related post with the results. POST /wordpress/wp-admin/admin-ajax.php HTTP/1.1 Accep...

IBM Business Automation Content Analyzer Cloud Information Disclosure Vulnerability

IBM Business Automation Content Analyzer is a new cloud-based API Web Service from International Business Machines IBM designed to work with the IBM Automation Platform for Digital Business or any non-IBM content/process system. Content Analyzer helps you quickly accelerate the extraction and...

CVE-2020-4315

IBM Business Automation Content Analyzer on Cloud 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to th...

CVE-2020-4315

IBM Business Automation Content Analyzer on Cloud 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to th...

Authorization

IBM Business Automation Content Analyzer on Cloud 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to th...

CVE-2020-4315

This CVE (CVE-2020-4315) affects IBM Business Automation Content Analyzer on Cloud 1.0. The vulnerability arises because the authorization tokens or session cookies do not set the Secure attribute, allowing cookies to be exposed when a user visits an http link, enabling an attacker to snoop traff...

CVE-2020-4315

IBM Business Automation Content Analyzer on Cloud 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to th...

Security Bulletin: IBM Business Automation Content Analyzer is affected by Insecure Cookie vulnerability

Summary IBM Business Automation Content Analyzer has addressed the following vulnerability Vulnerability Details CVEID: CVE-2020-4315 DESCRIPTION: IBM Business Automation Content Analyzer does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get th...