Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMB399B90A8D6875C57DAA06DBB56AA12A1B0BC3F43F983DDCD52B24F39DCD1045
HistoryAug 15, 2018 - 6:27 p.m.

Security Bulletin: A security vulnerability has been fixed in IBM Security Access Manager for Enterprise Single-Sign On (CVE-2017-1732)

2018-08-1518:27:47
www.ibm.com
8

EPSS

0.001

Percentile

29.3%

JSON

Summary

IBM Security Access Manager for Enterprise Single-Sign On does not set the secure attribute on authorization tokens or session cookies.

Vulnerability Details

CVEID: CVE-2017-1732 DESCRIPTION: IBM Security Access Manager for Enterprise Single-Sign On does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134913&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM Security Access Manager for Enterprise Single-Sign On (ISAM ESSO) 8.2.2

Remediation/Fixes

Affected Products and Version Fix Availability
ISAM ESSO 8.2.2 8.2.2-ISS-SAMESSO-IMS-FP0002

Workarounds and Mitigations

None

Related

prion 1
nvd 1
cve 1
cvelist 1
prion
prion
Authorization
2018-08-17 16:29:00
nvd
nvd
CVE-2017-1732
2018-08-17 16:29:00
cve
cve
CVE-2017-1732
2018-08-17 16:29:00
cvelist
cvelist
CVE-2017-1732
2018-08-17 16:00:00

EPSS

0.001

Percentile

29.3%

JSON
Related for B399B90A8D6875C57DAA06DBB56AA12A1B0BC3F43F983DDCD52B24F39DCD1045
prion1nvd1cve1cvelist1