CVE-2021-29769

Summary

IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 202769.

Affected Software

VendorProductVersion RangeStatus
IBMi2 Analyze4.3.0affected
IBMi2 Analyze4.3.1affected
IBMi2 Analyze4.3.2affected

Weaknesses

  • Obtain Information

ADP Enrichment

CVE Program Container

Additional References

References