4 matches found
CVE-2019-4133
CVE-2019-4133 affects IBM Cloud Automation Manager 3.1.2. The concurrent documents confirm a client-side attacker with access to the user’s machine could execute a custom script due to an insecure Content-Security-Policy header. Exploitation details are not provided beyond this, but the IBM secur...
CVE-2019-4616
CVE-2019-4616 affects IBM Cloud Automation Manager 3.2.1.0, where authorization tokens and session cookies lack the Secure attribute, allowing cookie values to be exposed when users click http links or visit malicious sites. The vulnerability is documented across multiple sources (NVD/NVD-derived...
CVE-2019-4132
IBM Cloud Automation Manager 3.1.2 is affected by an improper redirection vulnerability when a bad API path is requested, which could disclose sensitive information instead of returning a 404. The issue is due to redirection instead of proper error handling. Affected product/version: IBM Cloud Au...
CVE-2019-4617
IBM Cloud Automation Manager 3.2.1.0 is affected by CVE-2019-4617: it does not renew the session variable after successful authentication, enabling session fixation/hijacking where a user could be forced to use a cookie potentially known to an attacker. The IBM Security Bulletin confirms the vuln...