How severe is CVE-2018-1948?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2018-1948?

This is classified as CWE-384, which is a common weakness in software security.

CVE-2018-1948

MEDIUM Year: 2018

CVSS v3 Score

4.3

Medium

CVSS v2 Score

4.3

Medium

Weakness Type

CWE-384

View all →

Vulnerability Description

IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 153428.

CVE-2017-1152

MEDIUM

CVSS:4.3(Medium)

IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force...

CWE-3842017

CVE-2018-1485

MEDIUM

CVSS:4.3(Medium)

IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This co...

CWE-3842018

CVE-2018-1626

MEDIUM

CVSS:4.3(Medium)

IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This ...

CWE-3842018

CVE-2021-38869

MEDIUM

CVSS:4.3(Medium)

IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not automatically log users out after they exceede their idle timeout. IBM X-Force ID: 208341.

CWE-3842021