Описание
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 does not set the secure attribute for cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session. IBM X-Force ID: 161210.
Ссылки
- VDB EntryVendor Advisory
- PatchVendor Advisory
- VDB EntryVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:ibm:security_guardium_big_data_intelligence:4.0:*:*:*:*:*:*:*
EPSS
Процентиль: 52%
0.00287
Низкий
3.1 Low
CVSS3
4.3 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-565
Связанные уязвимости
CVSS3: 4.3
github
около 3 лет назад
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 does not set the secure attribute for cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session. IBM X-Force ID: 161210.
EPSS
Процентиль: 52%
0.00287
Низкий
3.1 Low
CVSS3
4.3 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-565