Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by a Missing Cookie Secure Attribute vulnerability

Summary

IBM Security Guardium Big Data Intelligence (SonarG) has addressed the following vulnerability.

Vulnerability Details

CVEID: CVE-2019-4330 DESCRIPTION: IBM Security Guardium Big Data Intelligence (SonarG) does not set the secure attribute for cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session.
CVSS Base Score: 3.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/161210&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected IBM Security Guardium Big Data Intelligence (SonarG)

|

Affected Versions

—|—
IBM Security Guardium Big Data Intelligence (SonarG) | 4.0

Remediation/Fixes

Product

|

VRMF

|

Remediation / First Fix

—|—|—
IBM Security Guardium Big Data Intelligence (SonarG) | 4.0 | rhel7.x_IBM_Guardium_big_data_security_installer_4.1.0.tar.gz

Workarounds and Mitigations

None