Session Cookie Vulnerability in IBM PowerHA SystemMirror for i
CVE-2024-55897
Summary
IBM PowerHA SystemMirror for i versions 7.4 and 7.5 do not set the Secure attribute on authorization tokens and session cookies. Without that attribute the browser will also send the cookie over unencrypted connections, so an attacker can expose the value with a crafted hyperlink: when a user is redirected to such an insecure link, the associated cookies may be transmitted without protection. An attacker monitoring the network traffic could then intercept and retrieve the cookie values, leading to unauthorized access and data compromise. Organizations running these versions must take immediate action to secure their configurations and mitigate the risks associated with this vulnerability.