CVE-2020-4780
Summary
| CVE | CVE-2020-4780 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-10-12 13:15:00 UTC |
| Updated | 2020-10-26 15:05:00 UTC |
| Description | OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Curam Social Program Management 7.0.9 and 7.0,10. The purpose of the 'secure' attribute is to prevent cookies from being observed by unauthorized parties. IBM X-Force ID: 189158. |
Risk And Classification
Problem Types: CWE-613
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Ibm | Curam Social Program Management | 7.0.10.0 | All | All | All |
| Application | Ibm | Curam Social Program Management | 7.0.9.0 | All | All | All |
| Application | Ibm | Curam Social Program Management | 7.0.10.0 | All | All | All |
| Application | Ibm | Curam Social Program Management | 7.0.9.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | VDB Entry, Vendor Advisory |
| Security Bulletin: OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Cúram Social Program Management (CVE-2020-4780) | CONFIRM | www.ibm.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.