Unauthorized Access Risk in IBM Transformation Extender Advanced Products
CVE-2021-29883

4.3MEDIUM

Key Information:

Vendor

IBM
Status
Transformation Extender Advanced
Vendor
CVE Published:
21 October 2021

What is CVE-2021-29883?

A vulnerability in IBM Transformation Extender Advanced allows for the potential exposure of session cookies and authorization tokens. Due to the absence of secure attributes on these cookies, attackers could exploit this vulnerability by tricking users into clicking on malicious links. Such links may direct users to insecure HTTP sites, thereby causing the session information to be transmitted in a non-secure manner. Attackers can intercept this information during transmission, leading to unauthorized access and exploitation of user sessions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Transformation Extender Advanced 9.0

Transformation Extender Advanced 10.0

References

https://www.ibm.com/support/pages/node/6507077
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/207090
vdb-entryx_refsource_XF

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.