Lucene search
+L

393 matches found

Prion
Prion
added 2021/07/26 12:15 p.m.11 views

Authorization

IBM i2 Analyst's Notebook Premium IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie...

4.3CVSS4.1AI score0.00511EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/07/26 12:10 p.m.25 views

CVE-2021-29769

IBM i2 Analyst's Notebook Premium IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie...

3.1CVSS4.3AI score0.00511EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2021/04/14 11:45 p.m.11 views

CVE-2021-26076

The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.0 allows remote anonymous attackers who can perform an attacker in the middle attack to learn...

6.8AI score0.01232EPSS
Exploits0References1
OSV
OSV
added 2021/02/16 4:15 p.m.4 views

CVE-2020-29024

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in GTA GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects: Secomea GateManager all versions prior to 9.3...

5.3CVSS6.1AI score0.00512EPSS
Exploits0References1
NVD
NVD
added 2021/02/16 4:15 p.m.19 views

CVE-2020-29024

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in GTA GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects: Secomea GateManager all versions prior to 9.3...

5.3CVSS0.00512EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/02/16 3:7 p.m.23 views

CVE-2020-29024 Missing HtppOnly and Secure flags

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in GTA GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects: Secomea GateManager all versions prior to 9.3...

5.3CVSS5.4AI score0.00512EPSS
Exploits0References1
CVE
CVE
added 2021/02/16 3:7 p.m.54 views

CVE-2020-29024

The CVE-2020-29024 issue affects Secomea GateManager (GoToAppliance) prior to version 9.3, where cookies in HTTPS sessions can be exposed due to missing Secure attribute. This could allow an attacker to access sensitive cookies. The vulnerability is caused by insecure cookie handling in GoToAppli...

5.3CVSS5.3AI score0.00512EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2021/01/21 2:15 p.m.3 views

CVE-2020-4966

IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to...

4.3CVSS5.6AI score0.01428EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/01/20 12:0 a.m.4 views

CVE-2020-4966

IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to...

4.3CVSS4.8AI score0.01428EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2021/01/13 7:15 p.m.3 views

CVE-2020-4597

IBM Security Guardium Insights 2.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link a...

4.3CVSS5.6AI score0.00623EPSS
Exploits0References2
NVD
NVD
added 2021/01/13 7:15 p.m.14 views

CVE-2020-4597

IBM Security Guardium Insights 2.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link a...

4.3CVSS4.1AI score0.00623EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/01/13 6:10 p.m.18 views

CVE-2020-4597

IBM Security Guardium Insights 2.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link a...

4.3CVSS4.1AI score0.00623EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/18 5:5 a.m.22 views

Security Bulletin: Datacap Taskmaster Capture is affected by vulnerable to using a cookie without the "secure" attribute

Summary AppScan found that an encrypted session SSL is using a cookie without the "secure" attribute and this can be fixed by adding a setting in web.config file Vulnerability Details Third Party Entry: PSIRT-ADV0026307 DESCRIPTION: Created from Advisory: ADV0026307 CVSS Base score: 4.3 CVSS...

1.7AI score
Exploits0Affected Software1
OSV
OSV
added 2020/11/16 5:15 p.m.3 views

CVE-2020-4763

IBM Sterling File Gateway 6.0.0.0 through 6.0.3.2 and 2.2.0.0 through 2.2.6.5 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The...

4.3CVSS5.6AI score0.00989EPSS
Exploits0References2
NVD
NVD
added 2020/11/16 5:15 p.m.21 views

CVE-2020-4665

IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The...

4.3CVSS4.2AI score0.00989EPSS
Exploits0References2
OSV
OSV
added 2020/10/29 4:15 p.m.4 views

CVE-2019-4563

IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link an...

5.3CVSS5.6AI score0.00919EPSS
Exploits0References2
NVD
NVD
added 2020/10/29 4:15 p.m.20 views

CVE-2019-4563

IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link an...

5.3CVSS4.1AI score0.00919EPSS
Exploits0References2
Prion
Prion
added 2020/10/29 4:15 p.m.20 views

Authorization

IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link an...

5CVSS4.7AI score0.00919EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/10/29 3:50 p.m.28 views

CVE-2019-4563

IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link an...

3.7CVSS4.8AI score0.00919EPSS
Exploits0References2
NVD
NVD
added 2020/10/20 3:15 p.m.19 views

CVE-2020-4749

IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure li...

4.3CVSS0.01001EPSS
Exploits0References2
Rows per page
Query Builder