CVE-2015-1993

3 documents3 sources

Severity

5.0MEDIUM

EPSS

0.2%

top 54.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Security Qradar Incident Forensics

Timeline

PublishedNov 8

Latest updateMay 17

Description

IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/security_qradar_incident_forensics6 versions+5

🔴Vulnerability Details

GHSA

GHSA-p6x3-7388-g9pr: IBM Security QRadar Incident Forensics 7↗2022-05-17

▶

CVEList

CVE-2015-1993: IBM Security QRadar Incident Forensics 7↗2015-11-08

▶