CVE-2015-0102

Опубликовано: 05 фев. 2020

Источник: nvd

CVSS3: 8.1

CVSS2: 5.8

EPSS Низкий

Описание

IBM Workflow for Bluemix does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

Ссылки

http://www-01.ibm.com/support/docview.wss?uid=swg21694941
Broken Link
http://www.securityfocus.com/bid/74220
Third Party Advisory
VDB Entry
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-authentication-session-cookie-in-ibm-workflow-for-bluemix-was-missing-secure-flag-cve-2015-0102/
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21694941
Broken Link
http://www.securityfocus.com/bid/74220
Third Party Advisory
VDB Entry
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-authentication-session-cookie-in-ibm-workflow-for-bluemix-was-missing-secure-flag-cve-2015-0102/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ibm:workflow:-:*:*:*:*:bluemix:*:*

EPSS

Процентиль: 61%

0.00419

Низкий

8.1 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-2rrv-8ph2-rj83

github

больше 3 лет назад