CVE-2019-4171
3.7
CVSS:3.0/UI:N/A:N/AC:H/S:U/AV:N/C:L/I:N/PR:N/RC:C/E:U/RL:O
Summary
IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 158876.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | Cognos Controller | 10.3.1 | affected |
| IBM | Cognos Controller | 10.3.0 | affected |
| IBM | Cognos Controller | 10.4.0 | affected |
| IBM | Cognos Controller | 10.4.1 | affected |
Weaknesses
- Obtain Information
ADP Enrichment
CVE Program Container
Additional References
- https://www.ibm.com/support/pages/security-bulletin-security-vulnerabilties-exist-ibm-cognos-controller
- https://exchange.xforce.ibmcloud.com/vulnerabilities/158876
References
- https://www.ibm.com/support/pages/security-bulletin-security-vulnerabilties-exist-ibm-cognos-controller
- https://exchange.xforce.ibmcloud.com/vulnerabilities/158876
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.