IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.
Metrics
Affected Vendors & Products
References
History
Fri, 20 Sep 2024 17:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-319 |
Fri, 13 Sep 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 13 Sep 2024 01:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. | |
Title | IBM Concert information disclosure | |
First Time appeared |
Ibm
Ibm concert |
|
Weaknesses | CWE-614 | |
CPEs | cpe:2.3:a:ibm:concert:1.0:*:*:*:*:*:*:* | |
Vendors & Products |
Ibm
Ibm concert |
|
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: ibm
Published: 2024-09-13T01:24:07.230Z
Updated: 2024-09-13T13:50:26.818Z
Reserved: 2024-08-07T13:29:34.028Z
Link: CVE-2024-43180
Vulnrichment
Updated: 2024-09-13T13:50:22.514Z
NVD
Status : Analyzed
Published: 2024-09-13T02:15:01.887
Modified: 2024-09-20T17:28:06.617
Link: CVE-2024-43180
Redhat
No data.