Vulnerabilities > CVE-2015-1993 - Unspecified vulnerability in IBM Security Qradar Incident Forensics

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

ibm

NVD

Published: 2015-11-08

Updated: 2015-11-09

Summary

IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session. <a href="https://cwe.mitre.org/data/definitions/614.html">CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute</a>

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Security Qradar Incident Forensics 7.2.0 IBM Security Qradar Incident Forensics 7.2.1 IBM Security Qradar Incident Forensics 7.2.2 IBM Security Qradar Incident Forensics 7.2.3 IBM Security Qradar Incident Forensics 7.2.4 IBM Security Qradar Incident Forensics 7.2.5	6

Seebug

bulletinFamily	exploit
description	No description provided by source.
id	SSV:89761
last seen	2017-11-19
modified	2015-11-16
published	2015-11-16
reporter	Root
title	IBM Security QRadar Incident Forensics中间人攻击漏洞（CVE-2015-1993）

References

http://www-01.ibm.com/support/docview.wss?uid=swg21968270