2 matches found
CVE-2014-0905
IBM InfoSphere BigInsights 2.0 through 2.1.2 does not set the secure flag for the LTPA cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...
CVE-2014-0905
The vulnerability CVE-2014-0905 affects IBM InfoSphere BigInsights Console (Versions 2.0–2.1.2). The root cause is that the LTPA cookie does not set the Secure attribute in HTTPS sessions, allowing a man‑in‑the‑middle to intercept potentially sensitive cookies transmitted over non-HTTP (insecure)...