Security Flaw in IBM QRadar Incident Forensics Leading to Cookie Exposure
CVE-2015-1993

Currently unrated

Key Information:

Vendor: IBM
Status: Security Qradar Incident Forensics
Vendor: CVE Published:; 8 November 2015

Summary

A vulnerability in IBM Security QRadar Incident Forensics versions prior to 7.2.5 Patch 5 fails to set the secure flag for certain cookies during HTTPS sessions. This oversight increases the risk of remote attackers intercepting and capturing these cookies via unsecured HTTP connections, potentially compromising sensitive user information.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21968270

x_refsource_CONFIRM

Timeline

Vulnerability published
Nov 8, 2015
Vulnerability Reserved
Feb 19, 2015