Description

IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 149703.

Remediation

References

CVE-2018-1804

Related Vulnerabilities

WordPress Plugin Dbox 3D Slider Lite SQL Injection (1.2.2)

Lighttpd Uncontrolled Resource Consumption Vulnerability (CVE-2022-30780)

phpMyAdmin Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-9849)

Joomla! Core 3.x.x Directory Traversal (3.0.0 - 3.9.24)

Atlassian Confluence Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-8399)

Severity

Low

Classification

CVE-2018-1804 CWE-384 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities