Session Management Flaw in IBM Security Identity Manager Virtual Appliance
CVE-2016-0351

3.7 LOW

Key Information:

Vendor: IBM
CVE Published: 21 February 2018

Summary

The IBM Security Identity Manager Virtual Appliance 7.0.x prior to version 7.0.1.3-ISS-SIM-IF0001 contains a session management flaw: the secure flag is not set on session cookies issued during HTTPS sessions. Without that flag the browser will also send the cookie on any plain HTTP request to the same host, so an attacker able to observe that unencrypted traffic can intercept the session cookie, putting users' sensitive data and authentication credentials at risk. Organizations running an affected version should apply the update to mitigate this vulnerability.

CVSS V3.1

Score: 3.7
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
