CVE-2023-33849

LOW Year: 2023
CVSS v3 Score
3.7
Low
Weakness Type
CWE-311
View all →

Vulnerability Description

IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could transmit sensitive information in query parameters that could be intercepted using man in the middle techniques. IBM X-Force ID: 257105.

Related Vulnerabilities

CVE-2019-4171

LOW
CVSS:3.7(Low)

IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information usin...

CWE-3112019

CVE-2019-4214

LOW
CVSS:3.7(Low)

IBM SmartCloud Analytics 1.3.1 through 1.3.5 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the...

CWE-3112019

CVE-2019-4686

LOW
CVSS:3.7(Low)

IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// li...

CWE-3112019

CVE-2019-4704

LOW
CVSS:3.7(Low)

IBM Security Identity Manager Virtual Appliance 7.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// ...

CWE-3112019

CVE-2020-4233

LOW
CVSS:3.7(Low)

IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. ...

CWE-3112020

CVE-2020-2249

LOW
CVSS:3.3(Low)

Jenkins Team Foundation Server Plugin 5.157.1 and earlier stores a webhook secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access...

CWE-3112020