CVE-2019-4686 – IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on a …

26 August 2020

Vuln ID: CVE-2019-4686

Published: 2020-08-26 19:15:12Z

Description: IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 171822.

Source: NVD.NIST.GOV

Date:

26 August 2020

Categorie(s):

NVD

Tag(s):

NVD

NSW club patrons advised to replace ID documents after leak of more than a million records2 May 2024
Aussie Early Adopters of Copilot for Security2 May 2024
Hacker free-for-all fights for control of home and office routers everywhere2 May 2024
Verizon’s 2024 Data Breach Investigations Report: 5 key takeaways2 May 2024
Dropbox dropped the ball on security, haemorrhaging customer and third-party info2 May 2024