← back
CVE-2020-4780

CVE-2020-4780

CVSS 4.3 MEDIUMEPSS 1.0%
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.3EPSS 1.0%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
12 Oct 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Curam Social Program Management 7.0.9 and 7.0,10. The purpose of the 'secure' attribute is to prevent cookies from being observed by unauthorized parties. IBM X-Force ID: 189158.
CVSS:3.0/PR:N/AV:N/A:N/I:N/AC:L/S:U/UI:R/C:L/RC:C/RL:O/E:U
Affected products
IBM · Curam SPM

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →