CVE-2019-4214
3.7
CVSS:3.0/C:L/A:N/UI:N/PR:N/AC:H/S:U/I:N/AV:N/E:U/RC:C/RL:O
Summary
IBM SmartCloud Analytics 1.3.1 through 1.3.5 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 159185.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | SmartCloud Analytics | 1.3.1 | affected |
| IBM | SmartCloud Analytics | 1.3.2 | affected |
| IBM | SmartCloud Analytics | 1.3.3 | affected |
| IBM | SmartCloud Analytics | 1.3.4 | affected |
| IBM | SmartCloud Analytics | 1.3.5 | affected |
Weaknesses
- Obtain Information
ADP Enrichment
CVE Program Container
Additional References
- https://www.ibm.com/support/pages/node/1110171
- https://exchange.xforce.ibmcloud.com/vulnerabilities/159185
References
- https://www.ibm.com/support/pages/node/1110171
- https://exchange.xforce.ibmcloud.com/vulnerabilities/159185
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.