CVE-2020-4316

IBM Publishing Engine 6.0.6, 6.0.6.1, and 7.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecu...

CVE-2020-4173

IBM Guardium Activity Insights 10.6 and 11.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecur...

Security Bulletin: IBM Sterling B2B Integrator's session or sensitive cookies do not have the secure attribute enabled (CVE-2012-5936)

Summary IBM Sterling B2B Integrator's session or sensitive cookies do not have the secure attribute enabled. As a result, customers who use HTTP could be vulnerable to cookie hijacking attacks. Vulnerability Details CVE ID: CVE-2012-5936 DESCRIPTION: IBM Sterling B2B Integrator does not set the...

Authorization

IBM Cloud Automation Manager 3.2.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link a...

CVE-2019-4616

IBM Cloud Automation Manager 3.2.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link a...

CVE-2019-4638

IBM Security Secret Server 10.7 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 170044...

CVE-2019-4638

IBM Security Secret Server 10.7 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 170044...

CVE-2019-4743

IBM Financial Transaction Manager 3.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link...

Authorization

IBM Financial Transaction Manager 3.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link...

CVE-2019-4743

IBM Financial Transaction Manager 3.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link...

CVE-2019-19375

In Octopus Deploy before 2019.10.7, in a configuration where SSL offloading is enabled, the CSRF cookie was sometimes sent without the secure attribute. The fix for this was backported to LTS versions 2019.6.14 and 2019.9.8...

CVE-2019-19375

In Octopus Deploy before 2019.10.7, in a configuration where SSL offloading is enabled, the CSRF cookie was sometimes sent without the secure attribute. The fix for this was backported to LTS versions 2019.6.14 and 2019.9.8...

CVE-2019-19375

In Octopus Deploy before 2019.10.7, in a configuration where SSL offloading is enabled, the CSRF cookie was sometimes sent without the secure attribute. The fix for this was backported to LTS versions 2019.6.14 and 2019.9.8...

Octopus Deploy has an unspecified vulnerability (CNVD-2019-46262)

Octopus Deploy is an automation tool for .NET, Java and other application development and deployment from Octopus Deploy Australia. A security vulnerability exists in Octopus Deploy versions prior to 2019.10.7 that stems from a CSRF cookie sometimes missing the secure attribute when SSL offloadin...

CVE-2019-4214

IBM SmartCloud Analytics 1.3.1 through 1.3.5 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 159185...

CVE-2019-4214

IBM SmartCloud Analytics 1.3.1 through 1.3.5 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 159185...

CVE-2019-4214

IBM SmartCloud Analytics 1.3.1 through 1.3.5 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 159185...

IBM Security Guardium Big Data Intelligence Information Disclosure Vulnerability (CNVD-2019-38294)

IBM Security Guardium Big Data Intelligence SonarG is a suite of big data security intelligence solutions from IBM, USA. The solution features interactive data exploration, automated connectivity analysis, and user activity analysis. An information disclosure vulnerability exists in IBM Security...

CVE-2018-1948

IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes...

CVE-2018-1948

CVE-2018-1948 affects IBM Security Identity Governance and Intelligence (IGI) Virtual Appliance 5.2.x. The vulnerability is that authorization tokens and session cookies are not marked Secure, allowing cookies to be sent over HTTP. An attacker could exploit this by enticing a user to click an HTT...