IBM QRadar incident forensics authorization cookie is missing the httponly attribute.
CVE-ID:CVE-2015-1994
**Description:**IBM Qradar Incident Forensics could allow a remote attacker to obtain sensitive information, caused by the failure to set the httponly attribute for the session cookie. An attacker could exploit this vulnerability to capture the cookie and obtain sensitive information.
**CVSS Base Score:**4.3 **CVSS Temporal Score:**See https://exchange.xforce.ibmcloud.com/vulnerabilities/103880 for the current score **CVSS Environmental Score:***Undefined **CVSS Vector:**AV:N/AC:M/Au:N/C:P/I:N/A:N
ยท IBM QRadar Incident Forensics 7.2.n
ยท IBM QRadar/QRM/QVM/QRIF 7.2.5 Patch 5
None