PT-2021-18466 · IBM · IBM i2 Analyst's Notebook Premium
Chris Shepherd +7 · Published 2021-07-26 · Updated 2021-08-03 · CVE-2021-29769
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
IBM i2 Analyst's Notebook Premium versions 4.3.0 through 4.3.2
Description
The issue is a failure to set the Secure attribute on authorization tokens or session cookies. An attacker can exploit this by sending an http:// link to a user or planting the link in a site the user visits; the browser then sends the cookie over the unencrypted connection, and the attacker can obtain the cookie value by snooping the traffic.
Recommendations
For versions 4.3.0 through 4.3.2, consider disabling the use of authorization tokens or session cookies until a patch is available. Restrict access to sensitive information to minimize the risk of exploitation. Avoid using insecure links (http://) to prevent the cookie from being sent over unsecured connections.
Fix
Cleartext Transmission of Sensitive Information
Weakness Enumeration
Related Identifiers
Affected Products
IBM i2 Analyst's Notebook Premium