PT-2014-3934 · Ibm · Ibm Infosphere Biginsights
Published
2014-08-17
·
Updated
2017-08-29
·
CVE-2014-0905
CVSS v2.0
2.9
Low
| Vector | AV:A/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM InfoSphere BigInsights versions 2.0 through 2.1.2
Description
The issue makes it easier for remote attackers to capture the LTPA cookie by intercepting its transmission within an http session, as the secure flag is not set for the LTPA cookie in an https session.
Recommendations
For versions 2.0 through 2.1.2, consider configuring the application to set the secure flag for the LTPA cookie in https sessions to prevent interception.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Infosphere Biginsights