CVE-2016-0353

Name of the Vulnerable Software and Affected Versions IBM Security Privileged Identity Manager version 2.0 before 2.0.2 FP8

Description The issue allows remote attackers to capture session cookies by intercepting their transmission within an http session, as the secure flag for the session cookie in an https session is not set when the Virtual Appliance is used.

Recommendations For IBM Security Privileged Identity Manager version 2.0 before 2.0.2 FP8, update to version 2.0.2 FP8 to resolve the issue. As a temporary workaround, consider restricting access to the Virtual Appliance to minimize the risk of exploitation.