PT-2019-16947 · IBM · IBM Cognos Controller

Published: 2019-09-17 · Updated: 2022-12-09 · CVE-2019-4171

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions

IBM Cognos Controller versions 10.3.0 through 10.4.1

Description

IBM Cognos Controller does not set the secure attribute on authorization tokens or session cookies, which allows an attacker to obtain sensitive information using man-in-the-middle techniques.

Recommendations

For versions 10.3.0 through 10.4.1, consider implementing additional security measures to protect against man-in-the-middle attacks, such as using HTTPS to encrypt communication and verifying the authenticity of cookies and tokens. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
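To check a deployment for the condition described above, the following added example (not part of the original advisory or of any IBM tooling) audits Set-Cookie header values for a missing Secure attribute. The cookie names, the sample header values and the name hints used to mark a cookie as sensitive are assumptions made for illustration.

```python
# Added example: audit Set-Cookie headers for a missing Secure attribute.
# Cookie names and the header sample are constructed for illustration.

SENSITIVE_HINTS = ("session", "token", "auth")  # assumed naming convention


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, set of lowercased attribute names)."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Attribute names are case-insensitive (RFC 6265); attribute values are ignored.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_cookies(set_cookie_values):
    """Return findings for cookies a browser would also send over plain HTTP."""
    findings = []
    for value in set_cookie_values:
        name, attrs = parse_set_cookie(value)
        if "secure" in attrs:
            continue
        sensitive = any(hint in name.lower() for hint in SENSITIVE_HINTS)
        findings.append({"cookie": name, "missing": "Secure", "sensitive": sensitive})
    return findings


# Constructed sample: Set-Cookie header values taken from one response.
SAMPLE = [
    "SESSIONID=abc123; Path=/; HttpOnly",              # no Secure: flagged
    "authToken=eyJhbGciOi; Path=/; secure; HttpOnly",  # lowercase attribute still counts
    "theme=notSecure; Path=/",                         # "Secure" inside the value is not the attribute
    "csrf=9f2c; Path=/; Secure; SameSite=Strict",
]

if __name__ == "__main__":
    for finding in audit_cookies(SAMPLE):
        level = "HIGH" if finding["sensitive"] else "info"
        print(f"[{level}] {finding['cookie']}: missing {finding['missing']} attribute")
```

Where the application itself cannot be changed, a TLS-terminating reverse proxy in front of it can usually append the attribute to outgoing Set-Cookie headers; rerun the audit against the proxied responses to confirm.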

Weakness Enumeration

Missing Encryption of Sensitive Data

Related Identifiers

CVE-2019-4171

Affected Products

IBM Cognos Controller