Main Vulnerability Database Vulnerabilities #VU22969

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in IBM SmartCloud Analytics - CVE-2019-4214

Published: November 25, 2019

Vulnerability identifier: #VU22969

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-4214

CWE-ID:

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: IBM Corporation

Affected software:
IBM SmartCloud Analytics

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to sensitive information on the target system.

The vulnerability exists due to the affected software does not set the secure attribute on authorization tokens or session cookies. A remote attacker can intercept the transmission and obtain information from the cookie in clear text.

How to mitigate CVE-2019-4214

Install updates from vendor's website.

Sources

https://exchange.xforce.ibmcloud.com/vulnerabilities/159185
https://www.ibm.com/support/pages/node/1110171

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in IBM SmartCloud Analytics - CVE-2019-4214

Detailed vulnerability description

How to mitigate CVE-2019-4214

Sources

Please verify you're human