Medium Severity

Security Bulletin: CP4S 1.3.0.1 fails to use HTTPOnly flag (CVE-2020-4625)

IBM Cloud Pak for Security (CP4S) could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie.

Affected product(s) and affected version(s):

| Affected Product(s) | Version(s) |
| --- | --- |
| Cloud Pak for Security (CP4S) | 1.3.0.1 |

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6372536
