PT-2021-18532 · IBM · IBM Transformation Extender Advanced

Published 2021-10-21 · Updated 2022-07-12 · CVE-2021-29883

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

IBM Transformation Extender Advanced versions 9.0 through 10.0

Description

The issue arises because the Secure attribute is not set on authorization tokens or session cookies. An attacker can potentially obtain cookie values by sending a user an http:// link or by embedding such a link in a website the user visits. The browser sends the cookie with the request to the insecure link, and the attacker can then snoop the traffic to obtain the cookie value.

Recommendations

For versions 9.0 and 10.0, ensure that the Secure attribute is set on authorization tokens and session cookies to prevent them from being sent over insecure connections. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
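
One way to check for the condition described above and to apply the recommended attribute, for example at a reverse proxy. This is an added example, not code from IBM or from this advisory; the cookie names, values and helper function names are constructed for illustration, and the browser rule is simplified to the Secure attribute only.

```python
# Added example: audit Set-Cookie headers for the missing Secure attribute.
# All cookie names and values are constructed sample data.

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, {attribute: value})."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")  # only the first "=" separates name/value
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name.strip(), value.strip(), attrs

def sent_over(scheme, header_value):
    """Simplified browser rule: a Secure cookie is attached only to https requests."""
    _, _, attrs = parse_set_cookie(header_value)
    return scheme == "https" or "secure" not in attrs

def cookies_missing_secure(headers):
    """Names of cookies that would also travel over plain http."""
    return [parse_set_cookie(h)[0] for h in headers if sent_over("http", h)]

def with_secure(header_value):
    """Mitigation: return the header with Secure appended if it is absent."""
    _, _, attrs = parse_set_cookie(header_value)
    return header_value if "secure" in attrs else header_value.rstrip("; ") + "; Secure"

SAMPLE_HEADERS = [  # constructed
    "SESSIONID=3f9a1c; Path=/; HttpOnly",
    "authToken=eyJhbGciOi; Path=/; HttpOnly; SECURE",
    "prefs=lang=en; Path=/",
]

if __name__ == "__main__":
    for name in cookies_missing_secure(SAMPLE_HEADERS):
        print("missing Secure:", name)
    print([with_secure(h) for h in SAMPLE_HEADERS])
```
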

Weakness Enumeration

Missing Encryption of Sensitive Data

Related Identifiers

CVE-2021-29883

Affected Products

IBM Transformation Extender Advanced