CVE-2018-1948

4.3MEDIUM

Key Information:

Vendor: IBM
Status: Security Identity Governance And Intelligence
Vendor: CVE Published:; 21 February 2019

Summary

IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 153428.

Affected Version(s)

Security Identity Governance and Intelligence 5.2

Security Identity Governance and Intelligence 5.2.1

Security Identity Governance and Intelligence 5.2.2

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/153428

vdb-entryx_refsource_XF

https://www.ibm.com/support/docview.wss?uid=ibm10872142

x_refsource_CONFIRM

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 21, 2019
Vulnerability Reserved
Dec 13, 2017