CVE-2020-4527

IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the Secure flag for the session cookie in TLS mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM X-Force ID: 182631.

Published: Jul 20, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-4527
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.9
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

CWE-384

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
ibm / planning_analytics	2.0	2.0.x

https://exchange.xforce.ibmcloud.com/vulnerabilities/182631
https://www.ibm.com/support/pages/node/6249981

Vulnerability Database

290,273

CVE-2020-4527