PT-2017-12959 · Ibm · Ibm Tivoli Federated Identity Manager

Publicado

2017-06-08

Atualizado

2017-07-08

CVE-2017-1319

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM Tivoli Federated Identity Manager version 6.2

Description The issue arises from a missing secure attribute in an encrypted session SSL cookie.

Recommendations For IBM Tivoli Federated Identity Manager version 6.2, ensure that the secure attribute is properly set in the encrypted session SSL cookie to mitigate the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Inadequate Encryption Strength

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-326

Identificadores relacionados

CVE-2017-1319

Produtos afetados

Ibm Tivoli Federated Identity Manager

PT-2017-12959 · Ibm · Ibm Tivoli Federated Identity Manager

CVE-2017-1319

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5