Session Cookie Vulnerability in IBM WebSphere eXtreme Scale Products
CVE-2015-2025

Currently unrated

Key Information:

Vendor
IBM
Vendor
CVE Published:
4 October 2015

Summary

The WebSphere eXtreme Scale versions 7.1.0 (prior to 7.1.0.3) and 7.1.1 (prior to 7.1.1.1) fail to secure session cookies by not setting the 'secure' flag for HTTPS sessions. This oversight allows attackers to potentially intercept session cookies during transmission over unsecured HTTP connections, increasing the risk of unauthorized access and data compromise.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.