PT-2025-36933 · IBM · IBM Jazz for Service Management

Published: 2025-09-09 · Updated: 2025-10-03 · CVE-2025-36011
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: IBM Jazz for Service Management versions 1.1.3.0 through 1.1.3.24
Description: IBM Jazz for Service Management does not set the secure attribute on authorization tokens or session cookies. This may allow attackers to obtain cookie values by sending a non-secure HTTP link to a user or by planting such a link on a site the user visits. The cookie will be sent to the insecure link, enabling attackers to potentially intercept the cookie value by monitoring network traffic.
Recommendations: IBM Jazz for Service Management versions 1.1.3.0 through 1.1.3.24: Ensure authorization tokens and session cookies are configured with the secure attribute to prevent interception over insecure connections.
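
Added example (not part of the advisory and not IBM code): a small Python check that reads the Set-Cookie headers from a captured HTTPS response and reports session or token cookies issued without the secure attribute, which can be used to confirm the recommendation above has been applied. The cookie names and header values are constructed placeholders; substitute the names your deployment actually issues.

```python
# Added example: audit Set-Cookie headers for the Secure attribute.
# Cookie names and sample headers below are constructed, not taken from the product.

def parse_set_cookie(header_value):
    """Parse one Set-Cookie header value into (name, set of attribute names)."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].partition("=")[0].strip()
    # Attribute names are case-insensitive. Only text after the first ';'
    # is an attribute, so a cookie *value* of "secure" is not a false match.
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def cookies_missing_secure(set_cookie_headers, sensitive_names):
    """Return names of sensitive cookies that were issued without Secure."""
    wanted = set(sensitive_names)
    missing = []
    for header_value in set_cookie_headers:
        name, attrs = parse_set_cookie(header_value)
        if name in wanted and "secure" not in attrs:
            missing.append(name)
    return missing


# Hypothetical names for the session cookie and the authorization token.
SENSITIVE = ["SESSIONID", "AUTHTOKEN"]

# Constructed response headers: behaviour described in the advisory.
HEADERS_BEFORE = [
    "SESSIONID=abc123; Path=/; HttpOnly",
    "AUTHTOKEN=secure; Path=/; HttpOnly",   # value "secure" is not the attribute
    "LANG=en; Path=/",                      # not sensitive, ignored
]

# Constructed response headers: after the secure attribute is configured.
HEADERS_AFTER = [
    "SESSIONID=abc123; Path=/; HttpOnly; Secure",
    "AUTHTOKEN=secure; Path=/; HttpOnly; SECURE",
    "LANG=en; Path=/",
]

if __name__ == "__main__":
    for label, headers in (("before", HEADERS_BEFORE), ("after", HEADERS_AFTER)):
        missing = cookies_missing_secure(headers, SENSITIVE)
        print(f"{label}: {'FAIL ' + ', '.join(missing) if missing else 'OK'}")
```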

Related Identifiers

BDU:2025-16250
CVE-2025-36011

Affected Products

IBM Jazz for Service Management