How severe is CVE-2016-0372?

This vulnerability has a severity rating of LOW with a CVSS score of 3.7 out of 10.

What type of vulnerability is CVE-2016-0372?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2016-0372 - LOW Severity | CVSS 3.7

Vulnerability Description

IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 do not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

Related Vulnerabilities

CVE-2014-4876

LOW

CVSS:3.7(Low)

Toshiba 4690 Operating System 6 Release 3, when the ADXSITCF logical name is not properly restricted, allows remote attackers to read potentially sensitive system environment variables via a crafted r...

CWE-2002014

CVE-2015-4989

LOW

CVSS:3.7(Low)

The portal in IBM Tealeaf Customer Experience before 8.7.1.8814, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0...

CWE-2002015

CVE-2015-6858

LOW

CVSS:3.7(Low)

HP Insight Control server provisioning before 7.5.0 RabbitMQ allows remote attackers to obtain sensitive information via unspecified vectors.

CWE-2002015

CVE-2015-7420

LOW

CVSS:3.7(Low)

Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2015-7421.

CWE-2002015

CVE-2015-7421

LOW

CVSS:3.7(Low)

Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2015-7420.

CWE-2002015

CVE-2015-7886

LOW

CVSS:3.7(Low)

NetApp Data ONTAP before 8.2.4P1, when 7-Mode and HTTP access are enabled, allows remote attackers to obtain sensitive volume information via unspecified vectors.

CWE-2002015