PT-2025-44624 · IBM · IBM Jazz for Service Management

Published: 2025-10-31 · Updated: 2025-10-31 · CVE-2025-36249

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions
IBM Jazz for Service Management versions 1.1.3.0 through 1.1.3.25

Description
The software does not set the Secure attribute on authorization tokens or session cookies. An attacker could obtain cookie values by sending a user an insecure HTTP link or by planting such a link on a site the user visits. The browser sends the cookie with the request to the insecure link, so an attacker monitoring network traffic can potentially capture the cookie value.

Recommendations
Update to a version that sets the Secure attribute on authorization tokens and session cookies.

Fix

Weakness Enumeration

Related Identifiers

CVE-2025-36249

Affected Products

IBM Jazz for Service Management