CVE-2014-0909

Currently unrated

Key Information:

Vendor: IBM
Status: Rational License Key Server
Vendor: CVE Published:; 10 September 2014

Summary

The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4.x before 8.1.4.4 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

References

http://www.securityfocus.com/bid/69642

vdb-entryx_refsource_BID

http://www-01.ibm.com/support/docview.wss?uid=swg24038045

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/91872

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Sep 10, 2014
Vulnerability Reserved
Jan 6, 2014