PT-2020-11036 · IBM · IBM Security Identity Manager Virtual Appliance

Published 2020-07-01 · Updated 2021-07-21 · CVE-2019-4704

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

IBM Security Identity Manager Virtual Appliance version 7.0.2

Description

The application does not set the Secure attribute on authorization tokens or session cookies. An attacker can exploit this by sending an http:// link to a user, or by planting such a link on a site the user visits; the browser then sends the cookie over the unencrypted connection, and the attacker can obtain its value by snooping the traffic.

Recommendations

For IBM Security Identity Manager Virtual Appliance version 7.0.2, consider setting the Secure attribute on authorization tokens and session cookies so that attackers cannot obtain cookie values through insecure links. As a temporary workaround, restrict access to sensitive areas of the application that use these cookies until a proper fix is applied.

Fix

Weakness Enumeration

Missing Encryption of Sensitive Data

Related Identifiers

CVE-2019-4704

Affected Products

IBM Security Identity Manager Virtual Appliance