6.1 Medium
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
71.0%
The Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
www-01.ibm.com/support/docview.wss?uid=swg1IV64010
www.ibm.com/support/docview.wss?uid=swg21693379
www.ibm.com/support/docview.wss?uid=swg21693381
www.ibm.com/support/docview.wss?uid=swg21693384
www.ibm.com/support/docview.wss?uid=swg21693387
www.ibm.com/support/docview.wss?uid=swg21693389
exchange.xforce.ibmcloud.com/vulnerabilities/97622