Security Flaw in IBM QRadar Incident Forensics Leading to Cookie Exposure
CVE-2015-1993

Currently unrated

Key Information:

Vendor
IBM
Vendor
CVE Published:
8 November 2015

Summary

A vulnerability in IBM Security QRadar Incident Forensics versions prior to 7.2.5 Patch 5 fails to set the secure flag for certain cookies during HTTPS sessions. This oversight increases the risk of remote attackers intercepting and capturing these cookies via unsecured HTTP connections, potentially compromising sensitive user information.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.