2 matches found
Security Bulletin: IBM Engineering Lifecycle Management is vulnerable to execute local scripts to access the cookie(s) when set without the HttpOnly flag.(CVE-2021-20355)
Summary Summary guidance: - The Jazz Team Server is vulnerable to execute local scripts to access the cookies and transmitted it to another site when cookies is set without the HttpOnly flag. Vulnerability Details CVEID: CVE-2021-20355 DESCRIPTION: IBM Jazz Foundation could allow a remote attacke...
CVE-2021-20355
The CVE-2021-20355 affects IBM Jazz Team Server versions 6.0.6–7.0.2, where the HTTPOnly flag is not set on cookies, enabling a remote attacker to obtain sensitive data from cookies. The issue is documented across multiple sources (IBM bulletin and CVE records). Remediation is available via IBM i...