Ibm

Cloud Automation Manager

4 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.4

CVE-2019-4617

  • EPSS 0.08%
  • Published 16.03.2020 16:15:12
  • Last modified 21.11.2024 04:43:52

IBM Cloud Automation Manager 3.2.1.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X...

3.5

CVE-2019-4616

  • EPSS 0.06%
  • Published 05.02.2020 16:15:11
  • Last modified 21.11.2024 04:43:52

IBM Cloud Automation Manager 3.2.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to....

3.3

CVE-2019-4132

  • EPSS 0.09%
  • Published 29.08.2019 15:15:11
  • Last modified 21.11.2024 04:43:12

IBM Cloud Automation Manager 3.1.2 could allow a user to be impropertly redirected and obtain sensitive information rather than receive a 404 error message. IBM X-Force ID: 158274.

5.2

CVE-2019-4133

  • EPSS 0.11%
  • Published 29.08.2019 15:15:11
  • Last modified 21.11.2024 04:43:12

IBM Cloud Automation Manager 3.1.2 could allow a malicious user on the client side (with access to client computer) to run a custom script. IBM X-Force ID: 158278.