CVE-2014-3092

Currently unrated

Key Information:

Vendor: IBM
Status: Rational Engineering Lifecycle Manager; Rational Requirements Composer; Rational Software Architect Design Manager; Rational Quality Manager
Vendor: CVE Published:; 12 September 2014

Summary

IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x before 4.0.7, and 5.x before 5.0.1; and other Rational products, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21682787

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/94258

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Sep 12, 2014
Vulnerability Reserved
Apr 29, 2014