CVE-2020-4780: Insufficient Session Expiration in IBM Curam SPM

Severity: 5.3 MEDIUM (NVD)
EPSS: 0.1% (top 69.03%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 12; latest update May 24

Description

OOTB build scripts do not set the secure attribute on the session cookie, which may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. The purpose of the 'secure' attribute is to prevent cookies from being observed by unauthorized parties. IBM X-Force ID: 189158.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (2 packages)

NVD: ibm/curam_social_program_management 7.0.10.0, 7.0.9.0 (+1)
CVEListV5: ibm/curam_spm 7.0.10, 7.0.9 (+1)

Vulnerability Details (2)

GHSA
GHSA-5vj7-m9pc-cf7g: OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Curam Social Program Management 7 (2022-05-24)
CVEList
CVE-2020-4780: OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Curam Social Program Management 7 (2020-10-12)
CVE-2020-4780 — Insufficient Session Expiration in IBM | cvebase