CVE-2017-1368

Name of the Vulnerable Software and Affected Versions: IBM Security Identity Governance Virtual Appliance versions 5.2 through 5.2.3.2

Description: The issue allows attackers to obtain cookie values by sending an http link to a user or by planting this link in a site the user visits. When the user clicks on the link, the cookie will be sent to the insecure link, and the attacker can then obtain the cookie value by snooping the traffic.

Recommendations: For IBM Security Identity Governance Virtual Appliance versions 5.2 through 5.2.3.2, consider updating the software to set the secure attribute on authorization tokens or session cookies to prevent attackers from obtaining cookie values.