PT-2019-16969 · Ibm · Ibm Smartcloud Analytics

Published

2019-11-22

Updated

2020-08-24

CVE-2019-4214

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM SmartCloud Analytics versions 1.3.1 through 1.3.5

Description The issue allows an attacker to obtain sensitive information using man-in-the-middle techniques because it does not set the secure attribute on authorization tokens or session cookies.

Recommendations For IBM SmartCloud Analytics versions 1.3.1 through 1.3.5, consider updating the software to a version that sets the secure attribute on authorization tokens or session cookies to prevent sensitive information from being obtained by an attacker.

Fix

Incorrect Permission

Missing Encryption of Sensitive Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732CWE-311

Related Identifiers

CVE-2019-4214

Affected Products

Ibm Smartcloud Analytics

PT-2019-16969 · Ibm · Ibm Smartcloud Analytics

CVE-2019-4214

Weakness Enumeration

Related Identifiers

Affected Products

References · 4