PT-2017-12959 · Ibm · Ibm Tivoli Federated Identity Manager

Published

2017-06-08

Updated

2017-07-08

CVE-2017-1319

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM Tivoli Federated Identity Manager version 6.2

Description The issue arises from a missing secure attribute in an encrypted session SSL cookie.

Recommendations For IBM Tivoli Federated Identity Manager version 6.2, ensure that the secure attribute is properly set in the encrypted session SSL cookie to mitigate the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Inadequate Encryption Strength

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-326

Related Identifiers

CVE-2017-1319

Affected Products

Ibm Tivoli Federated Identity Manager

PT-2017-12959 · Ibm · Ibm Tivoli Federated Identity Manager

CVE-2017-1319

Weakness Enumeration

Related Identifiers

Affected Products

References · 5