Session Cookie Vulnerability in IBM Security QRadar SIEM
CVE-2014-4830
Key Information:
- Vendor: IBM
- CVE Published: 19 October 2014
What is CVE-2014-4830?
A vulnerability exists in IBM Security QRadar SIEM affecting specific versions of QRM and QVM. The application does not set the HttpOnly flag on session cookies in the Set-Cookie header. Without the flag, client-side scripts can read the session cookie, which makes it easier for remote attackers to obtain sensitive session information. Setting the HttpOnly flag on session cookies keeps them out of reach of malicious scripts.
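A check for this condition from the defender's side, as an added example that is not taken from the IBM advisory or from QRadar: it splits each Set-Cookie header into attributes the way RFC 6265 section 5.2 does and reports session cookies that lack HttpOnly. The cookie names, the sample headers and the `is_session` name heuristic are constructed assumptions.

```python
# Constructed sample response headers; not captured from a QRadar deployment.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "EXAMPLE_SESSION=abc123; Path=/; Secure"),
    ("set-cookie", "EXAMPLE_SESSION2=def456; Path=/; Secure; httponly"),
    ("Set-Cookie", "theme=dark; Path=/"),
    # The value merely contains the word; the attribute itself is absent.
    ("Set-Cookie", "EXAMPLE_SESSION3=HttpOnly; Path=/"),
]


def parse_set_cookie(value):
    """Return (cookie name, set of lower-cased attribute names)."""
    # Everything before the first ';' is the name=value pair.
    pair, _, rest = value.partition(";")
    name = pair.partition("=")[0].strip()
    attrs = set()
    for chunk in rest.split(";"):
        # Attribute names are case-insensitive; any '=value' part is ignored.
        attr_name = chunk.partition("=")[0].strip().lower()
        if attr_name:
            attrs.add(attr_name)
    return name, attrs


def default_is_session(name):
    # Assumption: session cookies are recognised by name. Replace with the
    # exact cookie names used by the application under review.
    return "session" in name.lower()


def cookies_missing_httponly(headers, is_session=default_is_session):
    """List session cookie names set without the HttpOnly attribute."""
    findings = []
    for header_name, header_value in headers:
        if header_name.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(header_value)
        if is_session(name) and "httponly" not in attrs:
            findings.append(name)
    return findings


if __name__ == "__main__":
    for cookie in cookies_missing_httponly(SAMPLE_HEADERS):
        print(f"session cookie without HttpOnly: {cookie}")
```

A plain substring search for "httponly" would miss `EXAMPLE_SESSION3`, which is why the attributes are parsed separately from the cookie value.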
