Remote Information Disclosure Vulnerability in IBM Security Privileged Identity Manager
CVE-2016-5958
7.5HIGH
Summary
IBM Security Privileged Identity Manager possesses a vulnerability due to inadequate security measures for session cookies. Specifically, the secure flag is not set for session cookies transmitted in SSL mode, making them susceptible to interception during HTTP sessions. This flaw can be exploited by attackers to capture sensitive information stored in the compromised session cookie. The lack of protection could lead to unauthorized access to confidential data, posing significant security risks for organizations utilizing IBM's solution.
Affected Version(s)
Privileged Identity Manager 1.0.1
Privileged Identity Manager 1.0.1.1
Privileged Identity Manager 2.0.0
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved