PT-2019-16969 · Ibm · Ibm Smartcloud Analytics

Publicado

2019-11-22

Atualizado

2020-08-24

CVE-2019-4214

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM SmartCloud Analytics versions 1.3.1 through 1.3.5

Description The issue allows an attacker to obtain sensitive information using man-in-the-middle techniques because it does not set the secure attribute on authorization tokens or session cookies.

Recommendations For IBM SmartCloud Analytics versions 1.3.1 through 1.3.5, consider updating the software to a version that sets the secure attribute on authorization tokens or session cookies to prevent sensitive information from being obtained by an attacker.

Correção

Incorrect Permission

Missing Encryption of Sensitive Data

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-732CWE-311

Identificadores relacionados

CVE-2019-4214

Produtos afetados

Ibm Smartcloud Analytics

PT-2019-16969 · Ibm · Ibm Smartcloud Analytics

CVE-2019-4214

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4