CVE-2019-4743

Name of the Vulnerable Software and Affected Versions IBM Financial Transaction Manager version 3.0

Description The issue allows attackers to obtain cookie values by exploiting the lack of secure attribute setting on authorization tokens or session cookies. This can be achieved by sending an http link to a user or planting it on a site the user visits, causing the cookie to be sent to the insecure link. The attacker can then snoop the traffic to obtain the cookie value.

Recommendations For IBM Financial Transaction Manager version 3.0, consider setting the secure attribute on authorization tokens or session cookies to prevent them from being sent over insecure connections. As a temporary workaround, restrict access to sensitive areas of the application that use these cookies to minimize the risk of exploitation.