Vulnerabilities > Reliance on Cookies without Validation and Integrity Checking

DATE CVE VULNERABILITY TITLE RISK
2020-12-10 CVE-2020-29668 Reliance on Cookies without Validation and Integrity Checking vulnerability in multiple products
Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.
network
high complexity
sympa fedoraproject debian CWE-565
3.7
2020-12-09 CVE-2020-26955 Reliance on Cookies without Validation and Integrity Checking vulnerability in Mozilla Firefox 80.0
When a user downloaded a file in Firefox for Android, if a cookie is set, it would have been re-sent during a subsequent file download operation on the same domain, regardless of whether the original and subsequent request were in private and non-private browsing modes.
network
low complexity
mozilla CWE-565
6.5
2020-10-20 CVE-2020-4749 Reliance on Cookies without Validation and Integrity Checking vulnerability in IBM Spectrum Scale
IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies.
network
low complexity
ibm CWE-565
4.3
2020-10-02 CVE-2020-7070 Reliance on Cookies without Validation and Integrity Checking vulnerability in multiple products
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded.
5.3
2020-08-26 CVE-2019-4688 Reliance on Cookies without Validation and Integrity Checking vulnerability in IBM products
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies.
network
low complexity
ibm CWE-565
4.3
2020-01-28 CVE-2019-4638 Reliance on Cookies without Validation and Integrity Checking vulnerability in IBM Security Secret Server 10.6/10.7
IBM Security Secret Server 10.7 does not set the secure attribute on authorization tokens or session cookies.
network
high complexity
ibm CWE-565
3.7
2019-11-25 CVE-2012-5631 Reliance on Cookies without Validation and Integrity Checking vulnerability in Freeipa 3.0.0
ipa 3.0 does not properly check server identity before sending credential containing cookies
network
low complexity
freeipa CWE-565
8.8
2019-10-29 CVE-2019-4330 Reliance on Cookies without Validation and Integrity Checking vulnerability in IBM Security Guardium BIG Data Intelligence 4.0
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 does not set the secure attribute for cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session.
network
low complexity
ibm CWE-565
4.3
2019-10-08 CVE-2019-17104 Reliance on Cookies without Validation and Integrity Checking vulnerability in Centreon VM 19.04.2/19.04.3
In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set.
network
low complexity
centreon CWE-565
7.5
2019-09-30 CVE-2019-4305 Reliance on Cookies without Validation and Integrity Checking vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information caused by the improper setting of a cookie.
network
low complexity
ibm CWE-565
5.3