Vulnerabilities > Reliance on Cookies without Validation and Integrity Checking
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-06 | CVE-2021-28171 | Reliance on Cookies without Validation and Integrity Checking vulnerability in Deltaflow Project Deltaflow The Vangene deltaFlow E-platform does not take properly protective measures. | 7.5 |
| 2020-12-10 | CVE-2020-29668 | Reliance on Cookies without Validation and Integrity Checking vulnerability in multiple products Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun. | 3.7 |
| 2020-12-09 | CVE-2020-26955 | Reliance on Cookies without Validation and Integrity Checking vulnerability in Mozilla Firefox 80.0 When a user downloaded a file in Firefox for Android, if a cookie is set, it would have been re-sent during a subsequent file download operation on the same domain, regardless of whether the original and subsequent request were in private and non-private browsing modes. | 4.3 |
| 2020-10-20 | CVE-2020-4749 | Reliance on Cookies without Validation and Integrity Checking vulnerability in IBM Spectrum Scale IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. | 4.3 |
| 2020-10-02 | CVE-2020-7070 | Reliance on Cookies without Validation and Integrity Checking vulnerability in multiple products In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. | 5.3 |
| 2020-08-26 | CVE-2019-4688 | Reliance on Cookies without Validation and Integrity Checking vulnerability in IBM products IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. | 4.3 |
| 2020-01-28 | CVE-2019-4638 | Reliance on Cookies without Validation and Integrity Checking vulnerability in IBM Security Secret Server IBM Security Secret Server 10.7 does not set the secure attribute on authorization tokens or session cookies. | 4.3 |
| 2019-11-25 | CVE-2012-5631 | Reliance on Cookies without Validation and Integrity Checking vulnerability in Freeipa 3.0.0 ipa 3.0 does not properly check server identity before sending credential containing cookies | 6.8 |
| 2019-10-29 | CVE-2019-4330 | Reliance on Cookies without Validation and Integrity Checking vulnerability in IBM Security Guardium BIG Data Intelligence 4.0 IBM Security Guardium Big Data Intelligence (SonarG) 4.0 does not set the secure attribute for cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session. | 4.3 |
| 2019-10-08 | CVE-2019-17104 | Reliance on Cookies without Validation and Integrity Checking vulnerability in Centreon VM 19.04.2/19.04.3 In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set. | 5.0 |