Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-4617 | 2 Ibm, Linux | 2 Cloud Automation Manager, Linux Kernel | 2024-02-28 | 3.6 LOW | 4.4 MEDIUM |
IBM Cloud Automation Manager 3.2.1.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 168645. | |||||
CVE-2019-4616 | 2 Ibm, Linux | 2 Cloud Automation Manager, Linux Kernel | 2024-02-28 | 2.9 LOW | 3.5 LOW |
IBM Cloud Automation Manager 3.2.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 168644. | |||||
CVE-2019-4133 | 1 Ibm | 1 Cloud Automation Manager | 2024-02-28 | 3.6 LOW | 5.2 MEDIUM |
IBM Cloud Automation Manager 3.1.2 could allow a malicious user on the client side (with access to client computer) to run a custom script. IBM X-Force ID: 158278. | |||||
CVE-2019-4132 | 1 Ibm | 1 Cloud Automation Manager | 2024-02-28 | 2.1 LOW | 3.3 LOW |
IBM Cloud Automation Manager 3.1.2 could allow a user to be impropertly redirected and obtain sensitive information rather than receive a 404 error message. IBM X-Force ID: 158274. |