Session Cookie Vulnerability in IBM Security QRadar Incident Forensics
CVE-2015-1994

Currently unrated

Key Information:

Vendor
IBM
Vendor
CVE Published:
8 November 2015

Summary

IBM Security QRadar Incident Forensics versions 7.2.x prior to 7.2.5 Patch 5 lack the HTTPOnly flag in their Set-Cookie header for session cookies. This omission can potentially allow remote attackers to access sensitive information through script access, increasing the risk of information leakage and security breaches.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.