PT-2015-5537 · Ibm · Ibm Security Qradar Incident Forensics

John Zuccato

Published

2015-11-08

Updated

2015-11-09

CVE-2015-1993

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM Security QRadar Incident Forensics versions 7.2.x through 7.2.5 before Patch 5

Description The issue makes it easier for remote attackers to capture cookies by intercepting their transmission within an http session, as the secure flag is not set for unspecified cookies in an https session.

Recommendations For IBM Security QRadar Incident Forensics versions 7.2.x through 7.2.5 before Patch 5, apply Patch 5 to set the secure flag for cookies in https sessions and prevent their interception in http sessions.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2015-1993

Affected Products

Ibm Security Qradar Incident Forensics

PT-2015-5537 · Ibm · Ibm Security Qradar Incident Forensics

CVE-2015-1993

Related Identifiers

Affected Products

References · 2