PT-2014-3934 · Ibm · Ibm Infosphere Biginsights
Publicado
2014-08-17
·
Atualizado
2017-08-29
·
CVE-2014-0905
CVSS v2.0
2.9
Baixa
| Vetor | AV:A/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM InfoSphere BigInsights versions 2.0 through 2.1.2
Description
The issue makes it easier for remote attackers to capture the LTPA cookie by intercepting its transmission within an http session, as the secure flag is not set for the LTPA cookie in an https session.
Recommendations
For versions 2.0 through 2.1.2, consider configuring the application to set the secure flag for the LTPA cookie in https sessions to prevent interception.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ibm Infosphere Biginsights