CVE-2019-4638
3.7
CVSS:3.0/A:N/S:U/PR:N/UI:N/AC:H/I:N/C:L/AV:N/RL:O/E:U/RC:C
Summary
IBM Security Secret Server 10.7 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 170044.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | Security Secret Server | 10.7 | affected |
Weaknesses
- Obtain Information
ADP Enrichment
CVE Program Container
Additional References
- https://www.ibm.com/support/pages/node/1283236
- https://exchange.xforce.ibmcloud.com/vulnerabilities/170044
References
- https://www.ibm.com/support/pages/node/1283236
- https://exchange.xforce.ibmcloud.com/vulnerabilities/170044
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.