CVE-2019-4214

Summary

IBM SmartCloud Analytics 1.3.1 through 1.3.5 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 159185.

Affected Software

VendorProductVersion RangeStatus
IBMSmartCloud Analytics1.3.1affected
IBMSmartCloud Analytics1.3.2affected
IBMSmartCloud Analytics1.3.3affected
IBMSmartCloud Analytics1.3.4affected
IBMSmartCloud Analytics1.3.5affected

Weaknesses

  • Obtain Information

ADP Enrichment

CVE Program Container

Additional References

References