CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

386 matches found

OSV•added 2021/01/21 2:15 p.m.•1 views

CVE-2020-4966

IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to...

4.3CVSS5.6AI score0.01428EPSS

Exploits0References2

ATTACKERKB•added 2021/01/20 12:0 a.m.•3 views

CVE-2020-4966

4.3CVSS4.8AI score0.01428EPSS

Exploits0References3Affected Software1

OSV•added 2021/01/13 7:15 p.m.•2 views

CVE-2020-4597

IBM Security Guardium Insights 2.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link a...

4.3CVSS5.6AI score0.00623EPSS

Exploits0References2

NVD•added 2021/01/13 7:15 p.m.•11 views

CVE-2020-4597

4.3CVSS4.1AI score0.00623EPSS

Exploits0References2

Cvelist•added 2021/01/13 6:10 p.m.•15 views

CVE-2020-4597

4.3CVSS4.1AI score0.00623EPSS

Exploits0References2

IBM Security Bulletins•added 2020/12/18 5:5 a.m.•22 views

Security Bulletin: Datacap Taskmaster Capture is affected by vulnerable to using a cookie without the "secure" attribute

Summary AppScan found that an encrypted session SSL is using a cookie without the "secure" attribute and this can be fixed by adding a setting in web.config file Vulnerability Details Third Party Entry: PSIRT-ADV0026307 DESCRIPTION: Created from Advisory: ADV0026307 CVSS Base score: 4.3 CVSS...

1.7AI score

Exploits0Affected Software1

OSV•added 2020/11/16 5:15 p.m.•2 views

CVE-2020-4763

IBM Sterling File Gateway 6.0.0.0 through 6.0.3.2 and 2.2.0.0 through 2.2.6.5 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The...

4.3CVSS5.6AI score0.00989EPSS

Exploits0References2

NVD•added 2020/11/16 5:15 p.m.•20 views

CVE-2020-4665

IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The...

4.3CVSS4.2AI score0.00989EPSS

Exploits0References2

OSV•added 2020/10/29 4:15 p.m.•2 views

CVE-2019-4563

IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link an...

5.3CVSS5.6AI score0.00919EPSS

Exploits0References2

NVD•added 2020/10/29 4:15 p.m.•19 views

CVE-2019-4563

5.3CVSS4.1AI score0.00919EPSS

Exploits0References2

Prion•added 2020/10/29 4:15 p.m.•18 views

Authorization

5CVSS4.7AI score0.00919EPSS

Exploits0References2Affected Software1

Cvelist•added 2020/10/29 3:50 p.m.•25 views

CVE-2019-4563

3.7CVSS4.8AI score0.00919EPSS

Exploits0References2

NVD•added 2020/10/20 3:15 p.m.•18 views

CVE-2020-4749

IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure li...

4.3CVSS0.00989EPSS

Exploits0References2

Prion•added 2020/10/12 1:15 p.m.•12 views

Buffer overflow

OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Curam Social Program Management 7.0.9 and 7.0,10. The purpose of the 'secure' attribute is to prevent cookies from being observed by unauthorized parties. IBM X-Force ID: 189158...

5CVSS5AI score0.00986EPSS

Exploits0References2Affected Software1

Cvelist•added 2020/10/12 1:5 p.m.•16 views

CVE-2020-4780

4.3CVSS5AI score0.00986EPSS

Exploits0References2

IBM Security Bulletins•added 2020/10/08 5:39 p.m.•20 views

Security Bulletin: OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Cúram Social Program Management (CVE-2020-4780)

Summary OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Cúram Social Program Management. The purpose of the 'secure' attribute is to prevent cookies from being observed by unauthorised parties. Vulnerability Details CVEID: CVE-2020-4780 DESCRIPTION: OOT...

5.3CVSS1.5AI score0.00986EPSS

Exploits0Affected Software1

OSV•added 2020/09/21 3:15 p.m.•3 views

CVE-2020-4315

IBM Business Automation Content Analyzer on Cloud 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to th...

4.3CVSS5.6AI score0.01209EPSS

Exploits0References2

Prion•added 2020/09/21 3:15 p.m.•12 views

Authorization

4.3CVSS4.2AI score0.01209EPSS

Exploits0References2Affected Software1

Prion•added 2020/09/18 2:15 p.m.•17 views

Cross site request forgery (csrf)

An issue was discovered in Gradle Enterprise before 2020.2.5. The cookie used to convey the CSRF prevention token is not annotated with the “secure” attribute, which allows an attacker with the ability to MITM plain HTTP requests to obtain it, if the user mistakenly uses a HTTP instead of HTTPS...

2.6CVSS5.1AI score0.00542EPSS

Exploits0References2Affected Software1

Cvelist•added 2020/09/18 1:44 p.m.•23 views

CVE-2020-15767

5.2AI score0.00542EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by