Zane Parker

Name of the Vulnerable Software and Affected Versions IBM Maximo Application Suite versions 9.1, 9.0, 8.11, and 8.10 Description The IBM Maximo Application Suite does not set the secure attribute on authorization tokens or session cookies. This could allow attackers to obtain cookie values by sending a user a link using the http:// protocol or by planting such a link on a site the user visits. The cookie will be sent to the insecure link, allowing the attacker to capture the cookie value by monitoring network traffic. Recommendations Update IBM Maximo Application Suite to a version where the secure attribute is set on authorization tokens and session cookies.