386 matches found
CVE-2025-36249
IBM Jazz for Service Management 1.1.3.0 through 1.1.3.25 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to...
CVE-2025-36249 IBM Jazz for Service Management is vulnerable to "filter" cookie not sent over SSL
IBM Jazz for Service Management 1.1.3.0 through 1.1.3.25 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to...
CVE-2025-36249 IBM Jazz for Service Management is vulnerable to "filter" cookie not sent over SSL
IBM Jazz for Service Management 1.1.3.0 through 1.1.3.25 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to...
Security Bulletin: IBM Jazz for Service Management is vulnerable to "filter" cookie not sent over SSL
Summary IBM Jazz for Service Management is vulnerable to "filter" cookie not sent over SSL CVE-2025-36249. Vulnerability Details CVEID:CVE-2025-36249 DESCRIPTION: IBM Jazz for Service Management does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to...
PT-2025-44624
Name of the Vulnerable Software and Affected Versions IBM Jazz for Service Management versions 1.1.3.0 through 1.1.3.25 Description The software does not set the secure attribute on authorization tokens or session cookies. This could allow attackers to obtain cookie values by sending an insecure...
CVE-2025-12031
HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute may allow reading the sensitive cookies from the javascript contextThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
CVE-2025-12031
HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute may allow reading the sensitive cookies from the javascript contextThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
CVE-2025-12031 HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute
HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute may allow reading the sensitive cookies from the javascript contextThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
CVE-2025-12031
The CVE-2025-12031 entry covers Azure Access Technology BLU-IC2 and BLU-IC4 networked access controllers. The connected CNVD/RH/NVD records confirm a weakness caused by missing Secure and HttpOnly cookie attributes, enabling reading of sensitive cookies from a JavaScript context. Affected version...
CVE-2025-12031 HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute
HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute may allow reading the sensitive cookies from the javascript contextThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
CVE-2025-52632
A Missing Secure Attribute in Encrypted Session SSL Cookie vulnerability in HCL AION.This issue affects AION: 2.0...
CVE-2025-52632
A Missing Secure Attribute in Encrypted Session SSL Cookie vulnerability in HCL AION.This issue affects AION: 2.0...
CVE-2025-52632
A Missing Secure Attribute in Encrypted Session SSL Cookie vulnerability in HCL AION.This issue affects AION: 2.0...
EUVD-2025-33702
A Missing Secure Attribute in Encrypted Session SSL Cookie vulnerability in HCL AION.This issue affects AION: 2.0...
CVE-2025-52632 HCL AION is susceptible to Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability
A Missing Secure Attribute in Encrypted Session SSL Cookie vulnerability in HCL AION.This issue affects AION: 2.0...
CVE-2025-52632
CVE-2025-52632 affects HCL AION 2.0 and is described as a Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability. The available connected sources confirm the affected product (HCL AION) and the issue arises in encrypted session cookies lacking the Secure attribute, which can exp...
CVE-2025-52632 HCL AION is susceptible to Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability
A Missing Secure Attribute in Encrypted Session SSL Cookie vulnerability in HCL AION.This issue affects AION: 2.0...
PT-2025-41538
Name of the Vulnerable Software and Affected Versions HCL AION version 2.0 Description The software contains a missing secure attribute in encrypted session cookies. This could allow attackers to potentially intercept sensitive information transmitted in the session. Recommendations At the moment...
EUVD-2021-25414
Malware in sbrugna...
EUVD-2019-13778
Malware in sbrugna...