CVE-2018-1804
3.7
CVSS:3.0/A:N/AC:H/AV:N/C:L/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O
Summary
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 149703.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | Security Access Manager Appliance | 9.0.1.0 | affected |
| IBM | Security Access Manager Appliance | 9.0.2.0 | affected |
| IBM | Security Access Manager Appliance | 9.0.3.0 | affected |
| IBM | Security Access Manager Appliance | 9.0.4.0 | affected |
| IBM | Security Access Manager Appliance | 9.0.5.0 | affected |
Weaknesses
- Obtain Information
ADP Enrichment
CVE Program Container
Additional References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/149703
- http://www.ibm.com/support/docview.wss?uid=ibm10787785
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/149703
- http://www.ibm.com/support/docview.wss?uid=ibm10787785
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.