CVE-2020-4527
First published: Fri Jul 17 2020(Updated: )
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the Secure flag for the session cookie in TLS mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM X-Force ID: 182631.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Planning Analytics | =2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-4527?
The severity of CVE-2020-4527 is medium, with a CVSS score of 5.9.
How does CVE-2020-4527 affect IBM Planning Analytics?
CVE-2020-4527 affects IBM Planning Analytics 2.0.
What is the vulnerability of CVE-2020-4527?
CVE-2020-4527 is a vulnerability that allows a remote attacker to obtain sensitive information by intercepting the session cookie in TLS mode.
How can an attacker exploit CVE-2020-4527?
An attacker can exploit CVE-2020-4527 by intercepting the transmission of the session cookie within an HTTP session.
Is there a fix for CVE-2020-4527?
Yes, a fix for CVE-2020-4527 is available. Please refer to the official IBM support page for instructions on how to fix the vulnerability.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/ibm-support
- source/IBM
- agent/remedy
- agent/weakness
- agent/author
- agent/description
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/tags
- agent/source
- vendor/ibm
- canonical/ibm planning analytics
- version/ibm planning analytics/2.0