CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4625
https://notcve.org/view.php?id=CVE-2020-4625
IBM Cloud Pak for Security 1.3.0.1(CP4S) could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM Cloud Pak for Security versión 1.3.0.1 (CP4S) podría permitir a un atacante remoto obtener información confidencial, causada por el fallo al ajustar el flag HTTPOnly. Un atacante remoto podría explotar esta vulnerabilidad para obtener información confidencial de la cookie • https://exchange.xforce.ibmcloud.com/vulnerabilities/185360 https://www.ibm.com/support/pages/node/6372536 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4624
https://notcve.org/view.php?id=CVE-2020-4624
IBM Cloud Pak for Security 1.3.0.1 (CP4S) uses weaker than expected cryptographic algorithms during negotiation could allow an attacker to decrypt sensitive information. IBM Cloud Pak for Security versión 1.3.0.1 (CP4S) usa algoritmos criptográficos más débiles de lo esperado durante la negociación que podría permitir a un atacante descifrar información confidencial • https://exchange.xforce.ibmcloud.com/vulnerabilities/185359 https://www.ibm.com/support/pages/node/6372532 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •