Vulnerability Name: CVE-2014-0905 (CCN-91720)
Assigned: 2014-08-04
Published: 2014-08-04
Updated: 2017-08-29
Summary: IBM InfoSphere BigInsights 2.0 through 2.1.2 does not set the secure flag for the LTPA cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
CVSS v3 Severity:
2.3 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N)
CVSS v2 Severity:
2.9 Low (CVSS v2 Vector: AV:A/AC:M/Au:N/C:P/I:N/A:N)
2.1 Low (Temporal CVSS v2 Vector: AV:A/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
1.7 Low (CCN Temporal CVSS v2 Vector: AV:A/AC:M/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-264
Vulnerability Consequences: Obtain Information
References:
Source: MITRE Type: CNA CVE-2014-0905
Source: CCN Type: IBM Security Bulletin 1680830 Missing Secure Attribute in Encrypted Session (SSL) in InfoSphere BigInsights (CVE-2014-0905)
Source: CONFIRM Type: UNKNOWN http://www-01.ibm.com/support/docview.wss?uid=swg21680830
Source: CCN Type: BID-69067 IBM InfoSphere BigInsights CVE-2014-0905 Man in the Middle Information Disclosure Vulnerability
Source: XF Type: UNKNOWN ibm-infosphere-cve20140905-info-disc(91720)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: