Description

IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 149703.

Remediation

References

CVE-2018-1804

Related Vulnerabilities

Drupal Core 8.x Security Bypass (8.0.0 - 8.1.6)

WordPress Plugin Integration for Contact Form 7 and Salesforce Cross-Site Scripting (1.2.4)

MySQL CVE-2022-21329 Vulnerability (CVE-2022-21329)

PrestaShop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-21967)

XOOPS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-5665)

Severity

Low

Classification

CVE-2018-1804 CWE-384 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities