Session Cookie Vulnerability in IBM Security QRadar SIEM
CVE-2014-4830
Currently unrated
Key Information:
- Vendor: IBM
- CVE Published: 19 October 2014
Summary
A vulnerability exists in IBM Security QRadar SIEM affecting specific versions of QRM and QVM. The application does not set the HttpOnly flag on session cookies in the Set-Cookie header. Without the flag, client-side scripts can read the session cookie, which allows remote attackers to potentially gain unauthorized access to sensitive session information. Setting the HttpOnly flag keeps session cookies from being read by malicious scripts.
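A check for the condition described in the summary, as an added example (not IBM's code and not part of the original entry): it parses Set-Cookie header values and reports session cookies that are set without HttpOnly. The cookie names and header values are constructed for illustration.

```python
"""Audit Set-Cookie header values for session cookies that lack HttpOnly."""

# Constructed sample header values; names and values are illustrative assumptions.
SAMPLE_HEADERS = [
    "SESSIONID=3f9a1c; Path=/; Secure",              # missing HttpOnly
    "SESSIONID=3f9a1c; Path=/; Secure; httponly",    # attribute names are case-insensitive
    "SESSIONID=HttpOnly; Path=/",                    # text in the value is not the flag
    "theme=dark; Path=/",                            # not a session cookie
    "AUTH_TOKEN=abc.def; Path=/console; HttpOnly; SameSite=Strict",
]


def parse_set_cookie(header_value):
    """Return (name, value, attrs); attrs maps lowercased attribute names to values."""
    parts = [p.strip() for p in header_value.split(";")]
    # The first segment is always name=value; only later segments are attributes.
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue  # tolerate a trailing or doubled semicolon
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def find_missing_httponly(set_cookie_headers, session_cookie_names):
    """Return the header values that set a session cookie without HttpOnly."""
    wanted = set(session_cookie_names)  # cookie names are matched exactly
    findings = []
    for raw in set_cookie_headers:
        name, _value, attrs = parse_set_cookie(raw)
        if name in wanted and "httponly" not in attrs:
            findings.append(raw)
    return findings


if __name__ == "__main__":
    for raw in find_missing_httponly(SAMPLE_HEADERS, ["SESSIONID", "AUTH_TOKEN"]):
        print("session cookie without HttpOnly:", raw)
```
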