Medium Severity

Security Bulletin: IBM Cloud Automation Manager is affected by an issue with insecure cookie path attribute (CVE-2019-4616)

Share this post:

IBM Cloud Automation Manager does not set the secure attribute on authorization tokens or session cookies.

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM Cloud Automation Manager 3.2.1.0

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/1289188

More stories

Security Bulletin: IBM Cloud Pak for Security is vulnerable to CVE-2021-20538 and CVE-2021-20577

May 7, 2021 8:00 pm EDT | Medium Severity

IBM Cloud Pak for Security versions 1.5.0.1 and earlier is vulnerable to the following CVEs: CVE-2021-20538, meaning that sensitive information can be obtained by the user without sufficient authorisation. CVE-2021-20577, allowing cross side scripting that can potentially lead to credentials disclosure. These are addressed in CP4S 1.6.0.0 and later versions ...read more


Security Bulletin: A security vulnerability in Node.js urijs module affects IBM Cloud Pak for Multicloud Management Infrastructure management.

May 7, 2021 8:00 pm EDT | Medium Severity

A security vulnerability in Node.js urijs module affects IBM Cloud Pak for Multicloud Management Infrastructure management. ...read more


Security Bulletin: IBM Control Desk is vulnerable to Cross-Site Scripting Vulnerability (CVE-2021-20559)

May 7, 2021 8:00 pm EDT | Medium Severity

IBM Control Desk is vulnerable to Cross-Site Scripting Vulnerability ...read more