CVE-2020-4597
Description
IBM Security Guardium Insights 2.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending an http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 184822.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM Security Guardium Insights 2.0.2 fails to set the Secure attribute on its session cookies and authorization tokens, so a browser will send them over plain HTTP and an attacker who lures the user to an http:// link can intercept them on the wire.
Vulnerability
IBM Security Guardium Insights version 2.0.2 does not set the Secure attribute on the Set-Cookie headers that carry its authorization tokens and session cookies. The Secure attribute is what tells a browser to attach a cookie only to requests sent over TLS; without it, the browser will also include the cookie in any plain-HTTP request to the same host, so the value can leave the user's machine unencrypted even though the application itself is normally reached over HTTPS. This violates baseline cookie-hardening practice for session credentials. [1]
Exploitation
An attacker crafts an http:// link pointing at the Guardium Insights host and delivers it to a logged-in user, for example in an email or by planting it on a web page the user visits. When the user follows the link, the browser sends the request over plain HTTP and, because the cookies lack the Secure attribute, attaches the session cookie and authorization token to it. An attacker positioned on the network path (a shared network, a compromised router, or any hop that can observe the cleartext request) reads the Cookie header from the traffic. No credentials or privileges on the application are needed; the attacker only has to deliver the link and be able to observe the resulting traffic. [1]
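The following Python script is an added example, not IBM code and not derived from the fix, that makes the mechanism in the Vulnerability and Exploitation sections concrete. It parses constructed Set-Cookie headers (one set resembling the flaw, one hardened), audits them for the missing Secure attribute, models the browser rule that decides which cookies accompany an http:// versus https:// request, and extracts the Cookie header from a constructed capture of the cleartext request a sniffer would see. The hostname insights.example, the cookie names, and the token values are assumptions; the audit also reports HttpOnly and SameSite, which the advisory does not mention but any cookie review would check.

```python
"""Added example (not IBM code): why a cookie without the Secure attribute
leaks over an http:// link, and how to audit Set-Cookie headers for it."""
from urllib.parse import urlsplit

# Constructed headers. The first pair resembles CVE-2020-4597 (no Secure);
# the second pair is the hardened form. Names and values are assumptions.
VULNERABLE_HEADERS = [
    "session=abc123; Path=/; HttpOnly",
    "auth_token=tok456; Path=/",
]
HARDENED_HEADERS = [
    "session=abc123; Path=/; HttpOnly; Secure; SameSite=Strict",
    "auth_token=tok456; Path=/; HttpOnly; Secure; SameSite=Strict",
]

# Constructed capture: what a sniffer on the path sees when the victim's
# browser follows an attacker-supplied http:// link to the application.
CAPTURED_REQUEST = (
    b"GET /insights/ HTTP/1.1\r\n"
    b"Host: insights.example\r\n"
    b"Cookie: session=abc123; auth_token=tok456\r\n"
    b"\r\n"
)


def parse_set_cookie(header):
    """Split one Set-Cookie header into (name, value, {attribute: value}).
    Flag attributes such as Secure and HttpOnly map to True."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return name.strip(), value.strip(), attrs


def audit_set_cookie(header):
    """Return the hardening attributes missing from one Set-Cookie header."""
    name, _, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        findings.append(f"{name}: missing Secure (sent over plain HTTP)")
    if "httponly" not in attrs:
        findings.append(f"{name}: missing HttpOnly")
    if "samesite" not in attrs:
        findings.append(f"{name}: missing SameSite")
    return findings


def build_jar(headers):
    """Turn Set-Cookie headers into the browser's stored cookie list."""
    return [parse_set_cookie(h) for h in headers]


def cookies_sent_to(jar, url):
    """Model the RFC 6265 rule a browser applies when building a request:
    a cookie with Secure goes only to https:// URLs; one without it is
    attached to http:// requests too. Path matching is included so the
    model is faithful; domain matching is assumed to be satisfied."""
    parts = urlsplit(url)
    sent = []
    for name, _, attrs in jar:
        if "secure" in attrs and parts.scheme != "https":
            continue
        if not parts.path.startswith(attrs.get("path", "/")):
            continue
        sent.append(name)
    return sent


def extract_cookies_from_capture(raw):
    """Recover the Cookie header from a cleartext HTTP request capture,
    which is all a network-positioned attacker needs to do here."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:
        key, _, val = line.partition(":")
        if key.strip().lower() == "cookie":
            return dict(p.strip().split("=", 1) for p in val.split(";"))
    return {}


if __name__ == "__main__":
    attacker_link = "http://insights.example/insights/"
    for label, headers in (("vulnerable", VULNERABLE_HEADERS),
                           ("hardened", HARDENED_HEADERS)):
        for h in headers:
            for finding in audit_set_cookie(h):
                print(f"[{label}] {finding}")
        print(f"[{label}] sent to {attacker_link}:",
              cookies_sent_to(build_jar(headers), attacker_link))
    print("recovered from capture:", extract_cookies_from_capture(CAPTURED_REQUEST))
```

Run against the vulnerable headers, both cookies are attached to the http:// request and the capture yields their values; with Secure set, the same http:// link produces a request carrying no cookies at all, which is the whole effect of the fix. To check a live deployment, feed the Set-Cookie headers from an authenticated response into audit_set_cookie.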
Impact
Successful exploitation gives the attacker the user's session cookie or authorization token, which can be replayed to act as that user in the Guardium Insights application and reach the sensitive data-security findings and database activity records it manages. This is primarily a loss of confidentiality of the session credential, and a hijacked session can be used as a foothold for further actions with the victim's permissions. [1]
Mitigation
IBM has addressed this vulnerability in a security update; users should apply the fix as described in the IBM Security Bulletin. No workarounds are documented in the available references. [1]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: =2.0.2
- Range: 2.0.2
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- [1] https://exchange.xforce.ibmcloud.com/vulnerabilities/184822 (vdb-entry, x_refsource_XF)
- [1] https://www.ibm.com/support/pages/node/6403463 (IBM Security Bulletin, x_refsource_CONFIRM)
News mentions
No linked articles in our index yet.