CVE-2018-1804

Name of the Vulnerable Software and Affected Versions IBM Security Access Manager Appliance versions 9.0.1.0 through 9.0.5.0

Description The issue allows an attacker to obtain sensitive information using man-in-the-middle techniques because the secure attribute is not set on authorization tokens or session cookies.

Recommendations For versions 9.0.1.0 through 9.0.5.0, consider configuring the system to set the secure attribute on authorization tokens and session cookies to prevent sensitive information from being obtained by an attacker. At the moment, there is no information about a newer version that contains a fix for this vulnerability.