2 matches found
Security Bulletin: IBM Engineering Lifecycle Management is vulnerable to execute scripts to access the cookie JSA_CSRF when set without the HttpOnly flag.(CVE-2021-38879)
Summary Summary guidance: - The Jazz Team Server is vulnerable to execute scripts to access the cookie and transmitted it to another site when JSACSRF cookie is set without the HttpOnly flag. Vulnerability Details CVEID: CVE-2021-38879 DESCRIPTION: IBM Jazz Foundation could allow a remote attacke...
CVE-2021-38879
IBM Jazz Team Server versions 6.0.6–7.0.2 are affected by an information disclosure vulnerability due to cookie HTTPOnly flag not being set. The underlying cause is the failure to mark the JSA_CSRF cookie as HttpOnly, allowing a remote attacker to obtain sensitive information from the cookie. Imp...