386 matches found
CVE-2024-39734
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent...
CVE-2023-33860
CVE-2023-33860 affects IBM Security QRadar EDR version 3.12. The vulnerability arises because authorization tokens or session cookies are not marked with the Secure attribute, enabling cookies to be sent over HTTP. Attack scenario described in the sources includes sending a link via HTTP or embed...
CVE-2021-20450
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the...
CVE-2021-20450 IBM Cognos Controller information disclosure
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the...
PT-2024-13337 · IBM · IBM Sterling Secure Proxy
Name of the Vulnerable Software and Affected Versions: IBM Sterling Secure Proxy versions 6.0.3 through 6.1.0 Description: The issue concerns the failure to set the secure attribute on authorization tokens or session cookies. Attackers may exploit this by sending a http:// link to a user or by...
PT-2024-10411 · IBM · IBM Security Directory Integrator +1
Name of the Vulnerable Software and Affected Versions: IBM Security Directory Integrator version 7.2.0 IBM Security Verify Directory Integrator version 10.0.0 Description: The issue is related to the absence of the secure attribute in session cookies, allowing attackers to obtain cookie values by...
PT-2024-10410 · IBM · IBM Security Directory Integrator +1
Name of the Vulnerable Software and Affected Versions: IBM Security Directory Integrator version 7.2.0 IBM Security Verify Directory Integrator version 10.0.0 Description: The issue is related to the absence of the secure attribute in session cookies, which may allow attackers to obtain cookie...
CentOS 9 : tomcat-9.0.62-14.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the tomcat-9.0.62-14.el9 build changelog. - not including the secure attribute causes information CVE-2023-28708 - The fix for CVE-2023-24998 was incomplete for Apache Tomcat...
CVE-2023-42016
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the...
PT-2024-13031 · IBM · IBM Sterling B2B Integrator Standard Edition
Name of the Vulnerable Software and Affected Versions: IBM Sterling B2B Integrator Standard Edition versions 6.0.0.0 through 6.0.3.8 IBM Sterling B2B Integrator Standard Edition versions 6.1.0.0 through 6.1.2.3 Description: The issue allows attackers to obtain cookie values by sending a http link...
CentOS 8 : tomcat (CESA-2023:7065)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:7065 advisory. - tomcat: Fix for was incomplete CVE-2023-24998 - When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the...
CVE-2024-0349 SourceCodester Engineers Online Portal missing secure attribute
A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to sensitive cookie without secure attribute. The attack can be launched remotely. The complexity of an...
PT-2024-15485 · SourceCodester · SourceCodester Engineers Online Portal
Name of the Vulnerable Software and Affected Versions: SourceCodester Engineers Online Portal version 1.0 Description: A vulnerability was found in the software, affecting an unknown functionality. The manipulation leads to a sensitive cookie without a secure attribute. The attack can be launched...
ALSA-2023:7065 Moderate: tomcat security and bug fix update
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: Apache Commons FileUpload: FileUpload DoS with excessive parts CVE-2023-24998 tomcat: not including the secure attribute causes information disclosure CVE-2023-28708 tomcat: Fix for...
PT-2023-26386 · IBM · IBM CICS TX Advanced
Name of the Vulnerable Software and Affected Versions: IBM CICS TX Advanced version 10.1 Description: The issue arises because IBM CICS TX Advanced does not set the secure attribute on authorization tokens or session cookies. This allows attackers to potentially obtain cookie values by sending a...
MOXA PT-G503 Security Vulnerability
MOXA PT-G503 is a series of Layer 2 managed switches from China's MOXA. A security vulnerability exists in MOXA PT-G503 v5.2 and earlier versions, which stems from not setting the security attribute of a sensitive cookie in an HTTPS session, which could result in the cookie being transmitted in...
Sensitive cookie in HTTPS session without 'Secure' attribute in thorsten/phpmyfaq
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1...
CVE-2023-5866 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in thorsten/phpmyfaq
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1...