CVE-2023-46179

MEDIUM Year: 2023
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-614
View all →

Vulnerability Description

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 269683.

Related Vulnerabilities

CVE-2022-4683

MEDIUM
CVSS:4.3(Medium)

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository usememos/memos prior to 0.9.0.

CWE-6142022

CVE-2023-3520

MEDIUM
CVSS:4.3(Medium)

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository it-novum/openitcockpit prior to 4.6.6.

CWE-6142023

CVE-2023-42016

MEDIUM
CVSS:4.3(Medium)

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to ...

CWE-6142023

CVE-2024-43180

MEDIUM
CVSS:4.3(Medium)

IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this lin...

CWE-6142024

CVE-2024-55897

MEDIUM
CVSS:4.3(Medium)

IBM PowerHA SystemMirror for i 7.4 and 7.5 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a u...

CWE-6142024

CVE-2024-28770

MEDIUM
CVSS:4.8(Medium)

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get t...

CWE-6142024