Vulnerability Name: CVE-2015-2025 (CCN-104053)
Assigned: 2015-09-08
Published: 2015-09-08
Updated: 2015-10-05
Summary: IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
CVSS v3 Severity:
  2.6 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N)
CVSS v2 Severity:
  4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
  3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
  2.6 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-200
Vulnerability Consequences: Obtain Information
References:
  Source: MITRE; Type: CNA; CVE-2015-2025
  Source: AIXAPAR; Type: Patch, Vendor Advisory; PI44098
  Source: AIXAPAR; Type: Patch, Vendor Advisory; PI44105
  Source: CONFIRM; Type: Patch, Vendor Advisory; http://www-01.ibm.com/support/docview.wss?uid=swg21966044
  Source: CCN; Type: IBM Security Bulletin 1966044: The WebSphere eXtreme Scale 7.1.0 and 7.1.1 monitoring console lacks protection for various vulnerabilities. (CVE-2015-2025 CVE-2015-2026 CVE-2015-2027 CVE-2015-2028 CVE-2015-2029 CVE-2015-2030 CVE-2015-2031)
  Source: CCN; Type: IBM Security Bulletin 1966045: The WebSphere eXtreme Scale 8.5 and 8.6 monitoring console lacks protection for various vulnerabilities. (CVE-2015-2025 CVE-2015-2026 CVE-2015-2027 CVE-2015-2029 CVE-2015-2030)
  Source: XF; Type: UNKNOWN; ibm-websphere-cve20152025-info-disc(104053)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable