CVE-2020-4780 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2020-4780

CWE

https://cwe.mitre.org/data/definitions/613.html

OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Curam Social Program Management 7.0.9 and 7.0,10. The purpose of the secure attribute is to prevent cookies from being observed by unauthorized parties. IBM X-Force ID: 189158.

Weakness

According to WASC, “Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.”

Affected Software

Name	Vendor	Start Version	End Version
Curam_social_program_management	Ibm	7.0.9.0 (including)	7.0.9.0 (including)
Curam_social_program_management	Ibm	7.0.10.0 (including)	7.0.10.0 (including)

Potential Mitigations

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/189158
https://www.ibm.com/support/pages/node/6346581
https://exchange.xforce.ibmcloud.com/vulnerabilities/189158
https://www.ibm.com/support/pages/node/6346581