CVE-2014-0905

Currently unrated

Key Information:

Vendor: IBM
Status: Infosphere Biginsights
Vendor: CVE Published:; 17 August 2014

Summary

IBM InfoSphere BigInsights 2.0 through 2.1.2 does not set the secure flag for the LTPA cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21680830

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/91720

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Aug 17, 2014
Vulnerability Reserved
Jan 6, 2014