CVE-2016-0351

Опубликовано: 21 фев. 2018

Источник: nvd

CVSS3: 3.7

CVSS2: 4.3

EPSS Низкий

Описание

IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 does not set the secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. IBM X-Force ID: 111890.

Ссылки

http://www-01.ibm.com/support/docview.wss?uid=swg21989198
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/111890
VDB Entry
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21989198
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/111890
VDB Entry
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:security_identity_manager_virtual_appliance:7.0.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:security_identity_manager_virtual_appliance:7.0.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:security_identity_manager_virtual_appliance:7.0.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:security_identity_manager_virtual_appliance:7.0.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:security_identity_manager_virtual_appliance:7.0.1.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:security_identity_manager_virtual_appliance:7.0.1.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:security_identity_manager_virtual_appliance:7.0.1.3:*:*:*:*:*:*:*

EPSS

Процентиль: 39%

0.00172

Низкий

3.7 Low

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-66rp-jj47-55pw