Session Cookie Vulnerability in IBM WebSphere eXtreme Scale Products
CVE-2015-2025

Currently unrated

Key Information:

Vendor
IBM
Status
Websphere Extreme Scale
Vendor
CVE Published:
4 October 2015

Summary

The WebSphere eXtreme Scale versions 7.1.0 (prior to 7.1.0.3) and 7.1.1 (prior to 7.1.1.1) fail to secure session cookies by not setting the 'secure' flag for HTTPS sessions. This oversight allows attackers to potentially intercept session cookies during transmission over unsecured HTTP connections, increasing the risk of unauthorized access and data compromise.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21966044
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg1PI44105
vendor-advisoryx_refsource_AIXAPAR
http://www-01.ibm.com/support/docview.wss?uid=swg1PI44098
vendor-advisoryx_refsource_AIXAPAR

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.