2 matches found
CVE-2019-4638
CVE-2019-4638 affects IBM Security Secret Server. The issue is that 10.x tokens/cookies used for authorization are not marked Secure, enabling potential exposure of sensitive data via man-in-the-middle if cookies are transmitted over non-HTTPS connections. Affected product: IBM Security Secret Se...
Security Bulletin: A Security Vulnerability Has Been Identified In IBM Security Secret Server (CVE-2019-4638)
Summary A security vulnerability identified on IBM Security Secret Server has been addressed in the release 10.7.000059. Vulnerability Details CVEID: CVE-2019-4638 DESCRIPTION: IBM Security Secret Server does not set the secure attribute on authorization tokens or session cookies. This could allo...