Ibm: >> Cloud Automation Manager Security Vulnerabilities
IBM Cloud Automation Manager 3.2.1.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 168645.
CVSS Score
5.9
EPSS Score
0.001
Published
2020-03-16
IBM Cloud Automation Manager 3.2.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 168644.
CVSS Score
4.3
EPSS Score
0.001
Published
2020-02-05
IBM Cloud Automation Manager 3.1.2 could allow a user to be impropertly redirected and obtain sensitive information rather than receive a 404 error message. IBM X-Force ID: 158274.
CVSS Score
4.0
EPSS Score
0.001
Published
2019-08-29
IBM Cloud Automation Manager 3.1.2 could allow a malicious user on the client side (with access to client computer) to run a custom script. IBM X-Force ID: 158278.
CVSS Score
5.0
EPSS Score
0.001
Published
2019-08-29