Session Cookie Vulnerability in IBM BigFix Platform
CVE-2018-1484
3.7 LOW
Summary
IBM BigFix Platform versions 9.2.0 through 9.2.14 and 9.5 through 9.5.9 do not set the Secure attribute on authorization tokens and session cookies. An attacker could obtain the cookie values by luring a user into clicking an unsecured link: when the user's browser follows a malicious HTTP link, the session cookies are transmitted insecurely. The attacker can then capture and misuse the cookie data, compromising user sessions and sensitive information. For further details, see IBM's report.
Affected Version(s)
BigFix Platform 9.5.9
BigFix Platform 9.2.0
BigFix Platform 9.2.14
References
CVSS V3.1
Score: 3.7
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved