PT-2020-11002 · Ibm · Ibm Security Secret Server

Published

2020-01-28

Updated

2020-01-30

CVE-2019-4638

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM Security Secret Server version 10.7

Description The issue allows an attacker to obtain sensitive information using man-in-the-middle techniques because the secure attribute is not set on authorization tokens or session cookies.

Recommendations For IBM Security Secret Server version 10.7, consider setting the secure attribute on authorization tokens and session cookies manually as a temporary workaround until a patch is available. Restrict access to sensitive information to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-565

Related Identifiers

CVE-2019-4638

Affected Products

Ibm Security Secret Server

PT-2020-11002 · Ibm · Ibm Security Secret Server

CVE-2019-4638

Weakness Enumeration

Related Identifiers

Affected Products

References · 5