IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 134913.
Metrics
Affected Vendors & Products
References
History
No history.

Status: PUBLISHED
Assigner: ibm
Published: 2018-08-17T16:00:00Z
Updated: 2024-09-16T16:44:08.655Z
Reserved: 2016-11-30T00:00:00
Link: CVE-2017-1732

No data.

Status : Modified
Published: 2018-08-17T16:29:00.230
Modified: 2024-11-21T03:22:17.087
Link: CVE-2017-1732

No data.