CVE-2023-38281

Name of the Vulnerable Software and Affected Versions IBM Cloud Pak System (affected versions not specified)

Description The software does not set the secure attribute on authorization tokens or session cookies. This could allow attackers to obtain cookie values by sending an insecure HTTP link to a user or by planting such a link on a site the user visits. The cookie will be sent to the insecure link, enabling the attacker to capture the cookie value by monitoring network traffic.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.