CVE-2024-55897

Name of the Vulnerable Software and Affected Versions IBM PowerHA SystemMirror for i versions 7.4 through 7.5

Description The issue is related to insecure cookie handling, where the secure attribute is not set on authorization tokens or session cookies. This allows attackers to potentially obtain cookie values by sending a user a link to an insecure site or by planting such a link on a site the user visits. The cookie will be sent to the insecure link, and the attacker can then obtain the cookie value by snooping the traffic.

Recommendations For versions 7.4 and 7.5, consider disabling the use of authorization tokens or session cookies until a patch is available. Restrict access to sensitive areas of the system to minimize the risk of exploitation. Avoid using insecure links (http://) for sensitive operations; instead, use secure links (https://) to protect cookie values from being intercepted. At the moment, there is no information about a newer version that contains a fix for this vulnerability.