Security Flaw in IBM QRadar Incident Forensics Leading to Cookie Exposure
CVE-2015-1993
Currently unrated
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 8 November 2015
Summary
A vulnerability in IBM Security QRadar Incident Forensics versions prior to 7.2.5 Patch 5 fails to set the secure flag for certain cookies during HTTPS sessions. This oversight increases the risk of remote attackers intercepting and capturing these cookies via unsecured HTTP connections, potentially compromising sensitive user information.
References
Timeline
Vulnerability published
Vulnerability Reserved