Unauthorized Cookie Access in IBM Security Access Manager for Enterprise Single Sign-On
CVE-2017-1732

4.3MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
17 August 2018

Summary

IBM Security Access Manager for Enterprise Single Sign-On version 8.2.2 contains a vulnerability due to its failure to set the secure attribute on authorization tokens and session cookies. This oversight allows attackers to potentially intercept sensitive cookie values through malicious links, which, when clicked by users, could expose their session details on insecure channels. This vulnerability raises serious concerns regarding data integrity and confidentiality, making it essential for users to secure their authentication mechanisms.

Affected Version(s)

Security Access Manager for Enterprise Single Sign-On 8.2.2

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.