Session Cookie Vulnerability in IBM Jazz Team Server and Rational Products
CVE-2014-3092

Currently unrated

Summary

IBM Jazz Team Server and various Rational products are vulnerable due to a misconfiguration: the Secure flag is not set on session cookies issued during HTTPS sessions. Because a cookie without the Secure flag can also be sent over insecure transmission channels, a remote attacker could intercept the session cookie there, which could lead to unauthorized access. The issue affects multiple versions of Rational products and underlines the importance of secure cookie handling in web applications.
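
The check below is an added example, not code from IBM or from this advisory: it parses the Set-Cookie headers of an HTTPS response and reports cookies issued without the Secure attribute. The cookie names, values and the session-name heuristic are constructed assumptions.

```python
# Added example: find cookies that an HTTPS response issues without the Secure attribute.
# Input is one string per Set-Cookie header (never comma-joined: Expires dates contain commas).

SESSION_HINTS = ("sess", "token", "auth")  # assumption: heuristic for session-like names


def parse_set_cookie(header):
    """Return (name, attrs) where attrs maps lower-cased attribute names to values."""
    pair, *rest = header.split(";")
    name = pair.partition("=")[0].strip()
    attrs = {}
    for item in rest:
        key, _, value = item.partition("=")
        if key.strip():
            attrs[key.strip().lower()] = value.strip()
    return name, attrs


def missing_secure(set_cookie_headers):
    """List (cookie_name, looks_like_session) for every cookie lacking Secure."""
    findings = []
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        # Test the attribute name itself; a substring search over the header
        # would be fooled by "theme=secure" or "Path=/secure".
        if name and "secure" not in attrs:
            session_like = any(h in name.lower() for h in SESSION_HINTS)
            findings.append((name, session_like))
    return findings


# Constructed sample headers (not taken from the advisory or any IBM product).
SAMPLE_HEADERS = [
    "JSESSIONID=0000EXAMPLE; Path=/; HttpOnly",
    "AuthToken=EXAMPLE; Path=/app; SECURE; HttpOnly",
    "theme=secure; Path=/secure",
    "lang=en; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Secure",
]

if __name__ == "__main__":
    for name, session_like in missing_secure(SAMPLE_HEADERS):
        label = "session cookie" if session_like else "cookie"
        print(f"{label} {name!r} is set without Secure")
```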

Timeline

  • Vulnerability published

  • Vulnerability Reserved
