Lucene search
+L

393 matches found

Prion
Prion
added 2020/10/12 1:15 p.m.15 views

Buffer overflow

OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Curam Social Program Management 7.0.9 and 7.0,10. The purpose of the 'secure' attribute is to prevent cookies from being observed by unauthorized parties. IBM X-Force ID: 189158...

5CVSS5AI score0.00998EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/10/12 1:5 p.m.16 views

CVE-2020-4780

OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Curam Social Program Management 7.0.9 and 7.0,10. The purpose of the 'secure' attribute is to prevent cookies from being observed by unauthorized parties. IBM X-Force ID: 189158...

4.3CVSS5AI score0.00998EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/08 5:39 p.m.21 views

Security Bulletin: OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Cúram Social Program Management (CVE-2020-4780)

Summary OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Cúram Social Program Management. The purpose of the 'secure' attribute is to prevent cookies from being observed by unauthorised parties. Vulnerability Details CVEID: CVE-2020-4780 DESCRIPTION: OOT...

5.3CVSS1.5AI score0.00998EPSS
Exploits0Affected Software1
OSV
OSV
added 2020/09/21 3:15 p.m.5 views

CVE-2020-4315

IBM Business Automation Content Analyzer on Cloud 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to th...

4.3CVSS5.6AI score0.01209EPSS
Exploits0References2
Prion
Prion
added 2020/09/21 3:15 p.m.14 views

Authorization

IBM Business Automation Content Analyzer on Cloud 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to th...

4.3CVSS4.2AI score0.01209EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2020/09/18 2:15 p.m.18 views

Cross site request forgery (csrf)

An issue was discovered in Gradle Enterprise before 2020.2.5. The cookie used to convey the CSRF prevention token is not annotated with the “secure” attribute, which allows an attacker with the ability to MITM plain HTTP requests to obtain it, if the user mistakenly uses a HTTP instead of HTTPS...

2.6CVSS5.1AI score0.00542EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/09/18 1:44 p.m.28 views

CVE-2020-15767

An issue was discovered in Gradle Enterprise before 2020.2.5. The cookie used to convey the CSRF prevention token is not annotated with the “secure” attribute, which allows an attacker with the ability to MITM plain HTTP requests to obtain it, if the user mistakenly uses a HTTP instead of HTTPS...

5.2AI score0.00542EPSS
Exploits0References2
OSV
OSV
added 2020/07/16 3:15 p.m.6 views

CVE-2020-4316

IBM Publishing Engine 6.0.6, 6.0.6.1, and 7.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecu...

4.7CVSS5.6AI score0.01172EPSS
Exploits0References2
OSV
OSV
added 2020/07/09 7:15 p.m.2 views

CVE-2020-4173

IBM Guardium Activity Insights 10.6 and 11.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecur...

4.3CVSS5.6AI score0.00921EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2020/02/11 6:29 p.m.19 views

Security Bulletin: IBM Sterling B2B Integrator's session or sensitive cookies do not have the secure attribute enabled (CVE-2012-5936)

Summary IBM Sterling B2B Integrator's session or sensitive cookies do not have the secure attribute enabled. As a result, customers who use HTTP could be vulnerable to cookie hijacking attacks. Vulnerability Details CVE ID: CVE-2012-5936 DESCRIPTION: IBM Sterling B2B Integrator does not set the...

5CVSS1.1AI score0.01365EPSS
Exploits0Affected Software2
Prion
Prion
added 2020/02/05 4:15 p.m.11 views

Authorization

IBM Cloud Automation Manager 3.2.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link a...

2.9CVSS3.5AI score0.00309EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/02/05 3:20 p.m.19 views

CVE-2019-4616

IBM Cloud Automation Manager 3.2.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link a...

4.3CVSS3.5AI score0.00309EPSS
Exploits0References2
OSV
OSV
added 2020/01/28 7:15 p.m.4 views

CVE-2019-4638

IBM Security Secret Server 10.7 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 170044...

3.7CVSS5.8AI score0.00792EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/01/28 6:30 p.m.20 views

CVE-2019-4638

IBM Security Secret Server 10.7 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 170044...

3.7CVSS3.6AI score0.00792EPSS
Exploits0References2
NVD
NVD
added 2019/12/20 5:15 p.m.22 views

CVE-2019-4743

IBM Financial Transaction Manager 3.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link...

4.3CVSS4.1AI score0.0063EPSS
Exploits0References2
Prion
Prion
added 2019/12/20 5:15 p.m.22 views

Authorization

IBM Financial Transaction Manager 3.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link...

4.3CVSS4.1AI score0.0063EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/12/20 4:25 p.m.22 views

CVE-2019-4743

IBM Financial Transaction Manager 3.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link...

4.3CVSS4.1AI score0.0063EPSS
Exploits0References2
NVD
NVD
added 2019/11/28 5:15 p.m.26 views

CVE-2019-19375

In Octopus Deploy before 2019.10.7, in a configuration where SSL offloading is enabled, the CSRF cookie was sometimes sent without the secure attribute. The fix for this was backported to LTS versions 2019.6.14 and 2019.9.8...

5.3CVSS5.3AI score0.00421EPSS
Exploits0References1
OSV
OSV
added 2019/11/28 5:15 p.m.6 views

CVE-2019-19375

In Octopus Deploy before 2019.10.7, in a configuration where SSL offloading is enabled, the CSRF cookie was sometimes sent without the secure attribute. The fix for this was backported to LTS versions 2019.6.14 and 2019.9.8...

5.3CVSS6.1AI score0.00421EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/11/28 4:16 p.m.27 views

CVE-2019-19375

In Octopus Deploy before 2019.10.7, in a configuration where SSL offloading is enabled, the CSRF cookie was sometimes sent without the secure attribute. The fix for this was backported to LTS versions 2019.6.14 and 2019.9.8...

5.3AI score0.00421EPSS
Exploits0References1
Rows per page
Query Builder