2 matches found
CVE-2019-4743
IBM Financial Transaction Manager 3.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link...
CVE-2019-4743
IBM Financial Transaction Manager for SWIFT Services 3.0 is affected by CVE-2019-4743: authorization tokens and session cookies do not have the Secure attribute set, allowing cookie exposure over insecure links (http). This is documented in IBM Security Bulletin (CVE-2019-4743) with a remediation...