Cookie Security Flaw in IBM Security Guardium Big Data Intelligence
CVE-2019-4330
3.1LOW
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 29 October 2019
Summary
IBM Security Guardium Big Data Intelligence (SonarG) version 4.0 has a vulnerability that does not properly set the secure attribute for cookies during HTTPS sessions. This oversight can lead to the potential exposure of these cookies in plaintext across unencrypted HTTP connections, thereby increasing the risk of unauthorized access and data interception.
Affected Version(s)
Security Guardium Big Data Intelligence 4
References
CVSS V3.1
Score:
3.1
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved