How severe is CVE-2020-4315?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2020-4315?

This is classified as CWE-922, which is a common weakness in software security.

CVE-2020-4315 - MEDIUM Severity | CVSS 4.3

Vulnerability Description

IBM Business Automation Content Analyzer on Cloud 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 177234.

Related Vulnerabilities

CVE-2017-16560

MEDIUM

CVSS:4.3(Medium)

SanDisk Secure Access 3.01 vault decrypts and copies encrypted files to a temporary folder, where they can remain indefinitely in certain situations, such as if the file is being edited when the user ...

CWE-9222017

CVE-2019-12825

MEDIUM

CVSS:4.3(Medium)

Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12.0.0-pre. In other words, authenticated remote attackers can read Docker registries of other groups....

CWE-9222019

CVE-2019-13717

MEDIUM

CVSS:4.3(Medium)

Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page.

CWE-9222019

CVE-2019-13719

MEDIUM

CVSS:4.3(Medium)

Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page.

CWE-9222019

CVE-2020-26176

MEDIUM

CVSS:4.3(Medium)

An issue was discovered in tangro Business Workflow before 1.18.1. No (or broken) access control checks exist on the /api/document/<DocumentID>/attachments API endpoint. Knowing a document ID, an atta...

CWE-9222020

CVE-2020-29603

MEDIUM

CVSS:4.3(Medium)

In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileged logged-in user can retrieve Private Projects' names via the manage_proj_edit_page.php project_id parameter, without having acce...

CWE-9222020