CVE-2024-28771

MEDIUM Year: 2024
CVSS v3 Score
4.8
Medium
Weakness Type
CWE-614
View all →

Vulnerability Description

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.

Related Vulnerabilities

CVE-2024-28770

MEDIUM
CVSS:4.8(Medium)

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get t...

CWE-6142024

CVE-2022-3250

MEDIUM
CVSS:4.9(Medium)

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.6.

CWE-6142022

CVE-2015-3207

MEDIUM
CVSS:5.3(Medium)

In Openshift Origin 3 the cookies being set in console have no 'secure', 'HttpOnly' attributes.

CWE-6142015

CVE-2020-29024

MEDIUM
CVSS:5.3(Medium)

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in (GTA) GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects...

CWE-6142020

CVE-2021-35236

MEDIUM
CVSS:5.3(Medium)

The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. The Secure attribute tells the browser to only send the cookie if the request is being sent over a secur...

CWE-6142021

CVE-2022-4683

MEDIUM
CVSS:4.3(Medium)

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository usememos/memos prior to 0.9.0.

CWE-6142022