Cookie Security Flaw in IBM Security Guardium Big Data Intelligence
CVE-2019-4330

3.1LOW

Key Information:

Vendor
IBM
Vendor
CVE Published:
29 October 2019

Summary

IBM Security Guardium Big Data Intelligence (SonarG) version 4.0 has a vulnerability that does not properly set the secure attribute for cookies during HTTPS sessions. This oversight can lead to the potential exposure of these cookies in plaintext across unencrypted HTTP connections, thereby increasing the risk of unauthorized access and data interception.

Affected Version(s)

Security Guardium Big Data Intelligence 4

References

CVSS V3.1

Score:
3.1
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.