Unauthorized Cookie Access in IBM Security Access Manager for Enterprise Single Sign-On
CVE-2017-1732

4.3MEDIUM

Key Information:

Vendor: IBM
Status: Security Access Manager For Enterprise Single Sign-on
Vendor: CVE Published:; 17 August 2018

Summary

IBM Security Access Manager for Enterprise Single Sign-On version 8.2.2 contains a vulnerability due to its failure to set the secure attribute on authorization tokens and session cookies. This oversight allows attackers to potentially intercept sensitive cookie values through malicious links, which, when clicked by users, could expose their session details on insecure channels. This vulnerability raises serious concerns regarding data integrity and confidentiality, making it essential for users to secure their authentication mechanisms.

Affected Version(s)

Security Access Manager for Enterprise Single Sign-On 8.2.2

References

http://www.ibm.com/support/docview.wss?uid=ibm10726017

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/134913

vdb-entryx_refsource_XF

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 17, 2018
Vulnerability Reserved
Nov 30, 2016