IBM CICS TX Advanced 10.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 260818.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: ibm
Published: 2023-11-13T01:24:46.619Z
Updated: 2024-08-30T19:27:12.135Z
Reserved: 2023-07-16T00:53:13.214Z
Link: CVE-2023-38363
Vulnrichment
Updated: 2024-08-02T17:39:13.411Z
NVD
Status : Analyzed
Published: 2023-11-13T02:15:08.663
Modified: 2023-11-17T13:50:18.420
Link: CVE-2023-38363
Redhat
No data.