| Vulnerability Name: | CVE-2016-0353 (CCN-111892) | ||||||||||||
| Assigned: | 2015-12-08 | ||||||||||||
| Published: | 2016-08-23 | ||||||||||||
| Updated: | 2016-11-28 | ||||||||||||
| Summary: | IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | ||||||||||||
| CVSS v3 Severity: | 3.7 Low (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) 3.2 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
3.2 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
| ||||||||||||
| Vulnerability Type: | CWE-254 CWE-200 | ||||||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2016-0353 Source: CONFIRM Type: Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21988706 Source: CCN Type: IBM Security Bulletin 1988706 (Security Privileged Identity Manager) Multiple Security Vulnerabilities fixed in IBM Security Privileged Identity Manager Source: CCN Type: IBM Security Bulletin 1989198 (Security Identity Manager) Fixes for Multiple Security Vulnerabilities in IBM Security Identity Manager Virtual Appliance available Source: BID Type: UNKNOWN 94543 Source: CCN Type: BID-94543 IBM Security Privileged Identity Manager CVE-2016-0353 Information Disclosure Vulnerability Source: XF Type: UNKNOWN ibm-sim-cve20160353-info-disc(111892) | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||