CVE-2020-4316

Posted by Cyberthreat Blog | Jul 16, 2020 | Uncategorized | 0 |

IBM Publishing Engine 6.0.6, 6.0.6.1, and 7.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 177354.

CVE-2020-4316

About The Author

Cyberthreat Blog

Share This

Share This

CVE-2020-4316

About The Author

Cyberthreat Blog

Related Posts

CVE-2012-4183 (enterprise_linux_desktop, enterprise_linux_eus, enterprise_linux_server, enterprise_linux_workstation, firefox, firefox_esr, linux_enterprise_desktop, linux_enterprise_sdk, linux_enterprise_server, opensuse, seamonkey, thunderbird, thunderbird_esr, ubuntu_linux)

CVE-2020-9248

CVE-2010-4565 (linux_kernel)

CVE-2020-11117

Share This

Share This