PT-2024-13337 · IBM · IBM Sterling Secure Proxy

Published 2024-03-15 · Updated 2024-03-19 · CVE-2023-46179

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions

IBM Sterling Secure Proxy versions 6.0.3 through 6.1.0

Description

The issue concerns the failure to set the Secure attribute on authorization tokens or session cookies. An attacker may exploit this by sending an http:// link to a user or by planting such a link in a site the user visits; the browser then sends the cookie over the unencrypted connection, allowing the attacker to obtain the cookie value by snooping the traffic.

Recommendations

For versions 6.0.3 and 6.1.0, consider setting the Secure attribute on authorization tokens or session cookies manually until a patch is available. As a temporary workaround, restrict access to sensitive information and avoid using insecure links to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

CVE-2023-46179

Affected Products

IBM Sterling Secure Proxy