Description
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 149703.
Remediation
References
Related Vulnerabilities
WordPress Plugin Photo Gallery-Image Gallery by Ape Security Bypass (2.0.6)
MySQL CVE-2022-21314 Vulnerability (CVE-2022-21314)
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5487)
ClipBucket Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-7665)
WordPress Plugin CF7 Invisible reCAPTCHA Cross-Site Scripting (1.3.1)