How severe is CVE-2019-4688?

This vulnerability has a severity rating of LOW with a CVSS score of 3.7 out of 10.

What type of vulnerability is CVE-2019-4688?

This is classified as CWE-565, which is a common weakness in software security.

CVE-2019-4688 - LOW Severity | CVSS 3.7

Vulnerability Description

IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 171825.

Related Vulnerabilities

CVE-2019-4638

LOW

CVSS:3.7(Low)

IBM Security Secret Server 10.7 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techn...

CWE-5652019

CVE-2020-4749

MEDIUM

CVSS:4.3(Medium)

IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a use...

CWE-5652020

CVE-2021-20450

MEDIUM

CVSS:4.3(Medium)

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link ...

CWE-5652021

CVE-2024-39734

MEDIUM

CVSS:4.3(Medium)

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a ht...

CWE-5652024

CVE-2019-4330

LOW

CVSS:3.1(Low)

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 does not set the secure attribute for cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HT...

CWE-5652019

CVE-2019-4305

MEDIUM

CVSS:5.3(Medium)

IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information caused by the improper setting of a cookie. IBM X-Force ID: 160951.

CWE-5652019