PT-2023-22224 · IBM · IBM Sterling Connect:Express for UNIX
Published 2023-07-19 · Updated 2023-07-28 · CVE-2023-29259
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
IBM Sterling Connect:Express for UNIX version 1.5
Description
The browser UI sets cookies without the SameSite attribute, so the browser is not told to restrict sending those cookies with cross-site requests, which leaves the UI vulnerable to certain attacks.
Recommendations
For IBM Sterling Connect:Express for UNIX version 1.5, consider configuring cookies to include the SameSite attribute to mitigate the risk of exploitation. As a temporary workaround, restrict access to sensitive operations that rely on cookies until a proper fix is applied.
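To verify the recommendation, the check below audits `Set-Cookie` header values for a missing or unusable SameSite attribute. It is an added example, not code from IBM or from this advisory; the sample headers and cookie names are constructed, and it assumes you have collected the header values from the UI's HTTP responses yourself.

```python
from typing import Dict, List, Tuple

# Constructed sample Set-Cookie values (not captured from the product).
SAMPLE_SET_COOKIE = [
    "SESSIONID=abc123; Path=/; HttpOnly",
    "prefs=dark; Path=/; SameSite=Lax",
    "token=xyz; Path=/; SameSite=None",
    "csrf=q1w2; Path=/; Secure; SameSite=Strict",
]

VALID_SAMESITE = {"strict", "lax", "none"}


def parse_set_cookie(header: str) -> Tuple[str, Dict[str, str]]:
    """Split one Set-Cookie value into (name, attributes keyed in lower case)."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return name, attrs


def audit_cookie(header: str) -> List[str]:
    """Return the SameSite findings for one Set-Cookie header value."""
    _, attrs = parse_set_cookie(header)
    samesite = attrs.get("samesite")
    if samesite is None:
        return ["missing SameSite"]
    if samesite.lower() not in VALID_SAMESITE:
        return ["invalid SameSite value"]
    # Modern browsers require the Secure attribute alongside SameSite=None.
    if samesite.lower() == "none" and "secure" not in attrs:
        return ["SameSite=None without Secure"]
    return []


def audit_headers(headers: List[str]) -> Dict[str, List[str]]:
    """Map cookie name to findings, listing only cookies with a problem."""
    report: Dict[str, List[str]] = {}
    for header in headers:
        findings = audit_cookie(header)
        if findings:
            report[parse_set_cookie(header)[0]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_headers(SAMPLE_SET_COOKIE).items():
        print(f"{name}: {', '.join(findings)}")
```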
Fix
Related Identifiers
Affected Products
IBM Sterling Connect:Express for UNIX