ghsa-4jc6-946f-3mgf
Vulnerability from github
Published: 2022-08-02 00:00
Modified: 2022-08-07 00:00
Severity
Details
IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 229436.
{
  "affected": [],
  "aliases": [
    "CVE-2022-34307"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-01T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 229436.",
  "id": "GHSA-4jc6-946f-3mgf",
  "modified": "2022-08-07T00:00:30Z",
  "published": "2022-08-02T00:00:24Z",
  "references": [
    { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34307" },
    { "type": "WEB", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229436" },
    { "type": "WEB", "url": "https://www.ibm.com/support/pages/node/6608208" },
    { "type": "WEB", "url": "https://www.ibm.com/support/pages/node/6608210" }
  ],
  "schema_version": "1.4.0",
  "severity": [
    { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "type": "CVSS_V3" }
  ]
}