Session Cookie Vulnerability in IBM Security QRadar Incident Forensics
CVE-2015-1994
Currently unrated
Key Information:
- Vendor: IBM
- CVE Published: 8 November 2015
Summary
IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not include the HttpOnly flag in the Set-Cookie header for its session cookie. Without that flag the cookie is readable from client-side script, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookie.
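A way to check a captured response for this condition, as an added example that is not part of the advisory or IBM's code. The header values, cookie names and the session-name heuristic are constructed assumptions.

```python
# Added example: audit Set-Cookie headers for a missing HttpOnly attribute.
# All cookie names and header values below are constructed sample data.

# Assumed heuristic for spotting session-like cookie names.
SESSION_HINTS = ("sess", "sid", "auth", "token")

def parse_set_cookie(value):
    """Split one Set-Cookie header value into (name, cookie_value, attrs)."""
    parts = [p.strip() for p in value.split(";")]
    name, _, cookie_value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive, so normalise them.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), cookie_value, attrs

def looks_like_session(name):
    lowered = name.lower()
    return any(hint in lowered for hint in SESSION_HINTS)

def audit(headers):
    """Return names of session-like cookies that are set without HttpOnly."""
    findings = []
    for field, value in headers:
        if field.lower() != "set-cookie":
            continue
        name, _, attrs = parse_set_cookie(value)
        # Check the parsed attributes, not the raw string, so a cookie
        # whose *value* happens to be "httponly" is still reported.
        if looks_like_session(name) and "httponly" not in attrs:
            findings.append(name)
    return findings

# Constructed response headers, one (field, value) pair per header line.
SAMPLE_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "JSESSIONID=abc123; Path=/; Secure"),
    ("set-cookie", "SESSID=v1; Path=/; Secure; httponly"),
    ("Set-Cookie", "AuthToken=httponly; Path=/"),
    ("Set-Cookie", "theme=dark; Path=/"),
]

if __name__ == "__main__":
    for cookie in audit(SAMPLE_RESPONSE):
        print(f"session cookie without HttpOnly: {cookie}")
```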