Unauthorized Cookie Access in IBM Security Access Manager for Enterprise Single Sign-On
CVE-2017-1732
4.3MEDIUM
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 17 August 2018
Summary
IBM Security Access Manager for Enterprise Single Sign-On version 8.2.2 contains a vulnerability due to its failure to set the secure attribute on authorization tokens and session cookies. This oversight allows attackers to potentially intercept sensitive cookie values through malicious links, which, when clicked by users, could expose their session details on insecure channels. This vulnerability raises serious concerns regarding data integrity and confidentiality, making it essential for users to secure their authentication mechanisms.
Affected Version(s)
Security Access Manager for Enterprise Single Sign-On 8.2.2
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved