CVE-2018-1484

Name of the Vulnerable Software and Affected Versions IBM BigFix Platform versions 9.2.0 through 9.2.14 IBM BigFix Platform versions 9.5 through 9.5.9

Description The issue allows attackers to obtain cookie values by sending a http link to a user or by planting this link in a site the user visits. When the user clicks on the link, the cookie will be sent to the insecure link, and the attacker can then obtain the cookie value by snooping the traffic.

Recommendations For IBM BigFix Platform versions 9.2.0 through 9.2.14, update the platform to set the secure attribute on authorization tokens or session cookies. For IBM BigFix Platform versions 9.5 through 9.5.9, update the platform to set the secure attribute on authorization tokens or session cookies. As a temporary workaround, consider restricting access to sensitive information and using secure communication protocols to minimize the risk of exploitation.