CVE-2018-1804

Summary

IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 149703.

Affected Software

VendorProductVersion RangeStatus
IBMSecurity Access Manager Appliance9.0.1.0affected
IBMSecurity Access Manager Appliance9.0.2.0affected
IBMSecurity Access Manager Appliance9.0.3.0affected
IBMSecurity Access Manager Appliance9.0.4.0affected
IBMSecurity Access Manager Appliance9.0.5.0affected

Weaknesses

  • Obtain Information

ADP Enrichment

CVE Program Container

Additional References

References