← Voltar para CVEs

CVE-2019-4616

LOW

3.5

Descricao

IBM Cloud Automation Manager 3.2.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 168644.

Detalhes CVE

Pontuacao CVSS v3.13.5

SeveridadeLOW

Vetor CVSSCVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Vetor de ataqueADJACENT_NETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioREQUIRED

Publicado2/5/2020

Ultima modificacao11/21/2024

Fontenvd

Avistamentos honeypot0

Produtos afetados

ibm:cloud_automation_managerlinux:linux_kernel

Fraquezas (CWE)

CWE-311

Referencias

https://exchange.xforce.ibmcloud.com/vulnerabilities/168644(psirt@us.ibm.com)

https://www.ibm.com/support/pages/node/1289188(psirt@us.ibm.com)

https://exchange.xforce.ibmcloud.com/vulnerabilities/168644(af854a3a-2127-422b-91ae-364da2661108)

https://www.ibm.com/support/pages/node/1289188(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.