CVE-2016-0351

Name of the Vulnerable Software and Affected Versions IBM Security Identity Manager Virtual Appliance versions 7.0.x before 7.0.1.3-ISS-SIM-IF0001

Description The issue makes it easier for remote attackers to capture session cookies by intercepting their transmission within an HTTP session, as the secure flag for the session cookie in an HTTPS session is not set.

Recommendations For IBM Security Identity Manager Virtual Appliance versions 7.0.x before 7.0.1.3-ISS-SIM-IF0001, update to version 7.0.1.3-ISS-SIM-IF0001 or later to resolve the issue. As a temporary workaround, consider restricting access to HTTPS sessions to minimize the risk of cookie interception.