Lucene search

K
prionPRIOn knowledge basePRION:CVE-2023-38363
HistoryNov 13, 2023 - 2:15 a.m.

Authorization

2023-11-1302:15:00
PRIOn knowledge base
www.prio-n.com
2
ibm cics
authorization tokens
session cookies
security attribute
attackers
http link
cookie value
traffic snooping
ibm x-force id 260818

6.1 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

13.2%

IBM CICS TX Advanced 10.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 260818.

CPENameOperatorVersion
cics_txeq10.1

6.1 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

13.2%

Related for PRION:CVE-2023-38363