Security Bulletin: IBM Tivoli Federated Identity Manager is affected by a missing secure attribute in the encrypted session (SSL) cookie (CVE-2017-1319)

Summary IBM Tivoli Federated Identity Manager is affected by a vulnerability due to a missing secure attribute in encrypted session SSL cookie. Vulnerability Details CVEID: CVE-2017-1319 DESCRIPTION: IBM Tivoli Federated Identity Manager is affected by a vulnerability due to a missing secure...

CVE-2017-1319

Summary: CVE-2017-1319 affects IBM Tivoli Federated Identity Manager (TFIM) 6.2.x (versions 6.2.0, 6.2.1, 6.2.2). The root cause is a missing secure attribute in the encrypted session (SSL) cookie, exposing potential information disclosure. Impact: information disclosure via cookies. Remediation:...

Virtuozzo Linux Errata and Bugfix Advisory 2017:1319

Upstream security update. Follow RHBA-2017-1319 for details...

IBM Tivoli Federated Identity Manager 6.2.x < 6.2.2 FP17 Multiple Vulnerabilities

The version of IBM Tivoli Federated Identity Manager installed on the remote Windows host is 6.2.x prior to 6.2.2.17. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists due to a failure to properly use Secure attributes in cookies. An...