Session Cookie Vulnerability in IBM SmartCloud Analytics
CVE-2019-4214

3.7LOW

Key Information:

Vendor: IBM
Status: Smartcloud Analytics
Vendor: CVE Published:; 22 November 2019

Summary

IBM SmartCloud Analytics versions 1.3.1 through 1.3.5 are affected by a vulnerability that fails to set the secure attribute on authorization tokens and session cookies. This oversight can potentially allow attackers to exploit man-in-the-middle techniques to intercept sensitive information, posing a significant risk to the confidentiality of user data and interactions.

Affected Version(s)

SmartCloud Analytics 1.3.1

SmartCloud Analytics 1.3.2

SmartCloud Analytics 1.3.3

References

https://www.ibm.com/support/pages/node/1110171

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/159185

vdb-entryx_refsource_XF

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 22, 2019
Vulnerability Reserved
Jan 3, 2019