CVE-2020-4780 : What You Need to Know

Learn about CVE-2020-4780 affecting IBM Curam Social Program Management versions 7.0.9 and 7.0.10. Find out the impact, technical details, and mitigation steps for this vulnerability.

IBM Curam Social Program Management versions 7.0.9 and 7.0.10 are impacted by a vulnerability where the out-of-the-box build scripts fail to set the secure attribute on session cookies, potentially exposing them to unauthorized access.

Understanding CVE-2020-4780

This CVE involves a security issue in IBM Curam SPM versions 7.0.9 and 7.0.10, affecting the secure attribute on session cookies.

What is CVE-2020-4780?

The out-of-the-box build scripts of IBM Curam SPM versions 7.0.9 and 7.0.10 leave session cookies without the Secure attribute. Without that attribute, a browser may send the cookie over an unencrypted HTTP connection, where it can be intercepted by unauthorized parties.

The Impact of CVE-2020-4780

The lack of the secure attribute on session cookies in IBM Curam SPM versions 7.0.9 and 7.0.10 poses a medium severity risk with a CVSS base score of 4.3.

Technical Details of CVE-2020-4780

This section provides more technical insights into the vulnerability.

Vulnerability Description

The vulnerability arises from the failure of out-of-the-box build scripts to set the secure attribute on session cookies in IBM Curam SPM versions 7.0.9 and 7.0.10.

Affected Systems and Versions

        Product: Curam SPM
        Vendor: IBM
        Affected Versions: 7.0.9, 7.0.10

Exploitation Mechanism

        Attack Complexity: Low
        Attack Vector: Network
        Privileges Required: None
        User Interaction: Required

Mitigation and Prevention

To address and prevent the exploitation of CVE-2020-4780, follow these steps:

Immediate Steps to Take

        Apply the official fix provided by IBM.
        Monitor for any unauthorized access or cookie-related issues.
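
One way to check whether a deployment still issues session cookies without the Secure attribute is to audit the Set-Cookie headers it returns. The following is an added example, not code from IBM or from the original page; the session cookie name JSESSIONID and the sample headers are assumptions constructed for illustration.

```python
# Added example: audit Set-Cookie headers for a missing Secure attribute.
# The cookie name JSESSIONID and the sample headers are assumptions,
# constructed for illustration; they are not taken from IBM's advisory.

# Assumed session cookie name, compared case-insensitively for auditing.
SESSION_COOKIE_NAMES = {"jsessionid"}


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes dict)."""
    parts = [p.strip() for p in header_value.split(";")]
    # Only the first "=" separates name from value; values may contain "=".
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive; flags such as Secure have no value.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def insecure_session_cookies(set_cookie_headers, names=SESSION_COOKIE_NAMES):
    """Return the Set-Cookie values of session cookies that lack Secure."""
    findings = []
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        # Check the parsed attribute, not a substring of the whole header.
        if name.lower() in names and "secure" not in attrs:
            findings.append(header)
    return findings


# Constructed sample responses (not captured from a real system).
SAMPLE_HEADERS = [
    # Missing Secure; the word "secure" appears only inside the Path value.
    "JSESSIONID=0000abc123:-1; Path=/secure/app; HttpOnly",
    # Secure is present, written in mixed case.
    "JSESSIONID=0000def456:-1; Path=/; HttpOnly; SeCuRe",
    # Not a session cookie: out of scope for this check.
    "theme=dark; Path=/",
]

if __name__ == "__main__":
    for header in insecure_session_cookies(SAMPLE_HEADERS):
        print("session cookie without Secure attribute:", header)
```

Parsing the attributes instead of searching the header for the word "secure" avoids a false pass when that word appears in a path or cookie value.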

Long-Term Security Practices

        Regularly update and patch the IBM Curam SPM software.
        Implement secure coding practices to prevent similar vulnerabilities.

Patching and Updates

        Ensure that all systems running IBM Curam SPM are updated with the latest patches and security fixes.
