Main Vulnerability Database Vulnerabilities #VU22969

#VU22969 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in IBM SmartCloud Analytics - CVE-2019-4214

Published: November 25, 2019

Vulnerability identifier: #VU22969

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-4214

CWE-ID:

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
IBM SmartCloud Analytics

Software vendor:
IBM Corporation

Description

The vulnerability allows a remote attacker to gain access to sensitive information on the target system.

The vulnerability exists due to the affected software does not set the secure attribute on authorization tokens or session cookies. A remote attacker can intercept the transmission and obtain information from the cookie in clear text.

Remediation

Install updates from vendor's website.

External links

https://exchange.xforce.ibmcloud.com/vulnerabilities/159185
https://www.ibm.com/support/pages/node/1110171

#VU22969 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in IBM SmartCloud Analytics - CVE-2019-4214

Description

Remediation

External links

Please verify you're human