IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending an http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 171825.
CPE Name | Operator | Version
---|---|---
guardium_data_encryption | lt | 4.0.0.3
guardium_for_cloud_key_management | lt | 1.7.0
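
One way to check a deployment for the missing attribute described above, as an added example that is not IBM's code: the script parses `Set-Cookie` response headers and reports cookies that lack the `Secure` attribute. The header lines, cookie names and function names are constructed for illustration.

```python
# Added example: audit Set-Cookie headers for the missing Secure attribute.
# The header lines below are constructed sample data, not GDE output.

SAMPLE_HEADERS = [
    "Set-Cookie: JSESSIONID=9f2c1a; Path=/; HttpOnly",
    "Set-Cookie: authToken=eyJhbGciOi; Path=/; Secure; HttpOnly",
    "Set-Cookie: theme=secure; Path=/",
    "Set-Cookie: sid=abc123; path=/; SECURE ; SameSite=Lax",
    "Content-Type: text/html",
]


def parse_set_cookie(line):
    """Return (cookie_name, {attribute_name_lowercase: value}) or None."""
    name, sep, value = line.partition(":")
    if not sep or name.strip().lower() != "set-cookie":
        return None
    parts = value.split(";")
    # The first segment is always name=value and never an attribute, so a
    # cookie whose *value* is the word "secure" must not count as Secure.
    cookie_name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        if key.strip():
            # Attribute names are case-insensitive; normalise before lookup.
            attrs[key.strip().lower()] = val.strip()
    return cookie_name, attrs


def cookies_missing_secure(header_lines):
    """Names of cookies a browser would also send over plain http://."""
    missing = []
    for line in header_lines:
        parsed = parse_set_cookie(line)
        if parsed is None:
            continue  # not a Set-Cookie header
        cookie_name, attrs = parsed
        if "secure" not in attrs:
            missing.append(cookie_name)
    return missing


if __name__ == "__main__":
    for cookie in cookies_missing_secure(SAMPLE_HEADERS):
        print(f"missing Secure: {cookie}")
```

A plain substring search for "secure" would wrongly pass the `theme=secure` cookie, which is why the check looks only at the attribute segments after the first `;`.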