Описание
IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.
Ссылки
- VDB EntryVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:ibm:concert:1.0:*:*:*:*:*:*:*
EPSS
Процентиль: 21%
0.00066
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-614
CWE-319
Связанные уязвимости
CVSS3: 4.3
github
больше 1 года назад
IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.
EPSS
Процентиль: 21%
0.00066
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-614
CWE-319