Session Cookie Security Flaw in IBM i2 Analyst's Notebook Premium
CVE-2021-29769

3.1LOW

Key Information:

Vendor: IBM
Status: I2 Analyze
Vendor: CVE Published:; 26 July 2021

What is CVE-2021-29769?

IBM i2 Analyst's Notebook Premium is vulnerable due to its failure to set the secure attribute on authorization tokens and session cookies. This weakness allows malicious actors to potentially capture cookie values by tricking users into accessing an unsecured link. If a user interacts with such a link, the session cookie is sent over an insecure connection, enabling attackers to intercept and exploit the cookie data. This vulnerability underscores the importance of configuring secure attributes for session management in web applications.

Affected Version(s)

i2 Analyze 4.3.0

i2 Analyze 4.3.1

i2 Analyze 4.3.2

References

https://www.ibm.com/support/pages/node/6474883

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/202769

vdb-entryx_refsource_XF

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 26, 2021
Vulnerability Reserved
Mar 31, 2021