16 matches found
EUVD-2026-12045
In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings...
CVE-2025-52632
A Missing Secure Attribute in Encrypted Session SSL Cookie vulnerability in HCL AION.This issue affects AION: 2.0...
CVE-2025-52632
A Missing Secure Attribute in Encrypted Session SSL Cookie vulnerability in HCL AION.This issue affects AION: 2.0...
CVE-2025-52632
A Missing Secure Attribute in Encrypted Session SSL Cookie vulnerability in HCL AION.This issue affects AION: 2.0...
EUVD-2025-33702
A Missing Secure Attribute in Encrypted Session SSL Cookie vulnerability in HCL AION.This issue affects AION: 2.0...
CVE-2025-52632 HCL AION is susceptible to Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability
A Missing Secure Attribute in Encrypted Session SSL Cookie vulnerability in HCL AION.This issue affects AION: 2.0...
CVE-2025-52632 HCL AION is susceptible to Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability
A Missing Secure Attribute in Encrypted Session SSL Cookie vulnerability in HCL AION.This issue affects AION: 2.0...
CVE-2025-36011
CVE-2025-36011 affects IBM Jazz for Service Management versions 1.1.3.0–1.1.3.24. The underlying issue is that authorization tokens and session cookies are stored without the Secure attribute, enabling cookie disclosure if a user is directed to or visits an insecure HTTP link. This could allow an...
CentOS 9 : tomcat-9.0.62-14.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the tomcat-9.0.62-14.el9 build changelog. - not including the secure attribute causes information CVE-2023-28708 - The fix for CVE-2023-24998 was incomplete for Apache Tomcat...
CVE-2024-0349 SourceCodester Engineers Online Portal missing secure attribute
A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to sensitive cookie without secure attribute. The attack can be launched remotely. The complexity of an...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an information exposure in Apache Tomcat (CVE-2023-28708)
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an information exposure in Apache Tomcat due to the missing of secure attribute in some configurations for JSESSIONID Cookie CVE-2023-28708. Apache Tomca is included as part of the java microservices in our...
pyload 安全漏洞
pyload is a free and open source download manager written in Python, designed to be extremely lightweight, easily extensible, and fully manageable over the Web. pyload is a free and open source download manager written in Python. A security vulnerability exists in versions prior to pyload...
CVE-2018-25060 Macaron csrf csrf.go missing secure attribute
A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The manipulation of the argument Generate leads to sensitive cookie without secure attribute. The attack may be launched remotely. The complexity of a...
PT-2022-20900 · Rdiffweb · Rdiffweb
Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.4.2 Description: The issue allows a user's cookies to be sent to the server with an unencrypted request over the HTTP protocol because the 'Secure' attribute is missing in the HTTPS session. This affects the...
CVE-2021-29883
IBM Standards Processing Engine IBM Transformation Extender Advanced 9.0 and 10.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. T...
Security Bulletin: IBM Tivoli Federated Identity Manager is affected by a missing secure attribute in the encrypted session (SSL) cookie (CVE-2017-1319)
Summary IBM Tivoli Federated Identity Manager is affected by a vulnerability due to a missing secure attribute in encrypted session SSL cookie. Vulnerability Details CVEID: CVE-2017-1319 DESCRIPTION: IBM Tivoli Federated Identity Manager is affected by a vulnerability due to a missing secure...