| |
Vulnerability CVE-2018-1804
Published: 2018-12-13
Description: |
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 149703. |
Type:
CWE-384 (Session Fixation)
CVSS2 => (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
4.3/10 |
2.9/10 |
8.6/10 |
Exploit range |
Attack complexity |
Authentication |
Remote |
Medium |
No required |
Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
None |
None |
References: |
http://www.ibm.com/support/docview.wss?uid=ibm10787785
https://exchange.xforce.ibmcloud.com/vulnerabilities/149703
|
|
|
Copyright 2024, cxsecurity.com
|
|
|