CVE-2015-1994

CWE-200Information Exposure3 documents3 sources
Severity
5.0MEDIUM
EPSS
0.2%
top 54.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Security Qradar Incident Forensics
Timeline
PublishedNov 8
Latest updateMay 17

Description

IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-j364-2q2p-jg89: IBM Security QRadar Incident Forensics 72022-05-17
CVEList
CVE-2015-1994: IBM Security QRadar Incident Forensics 72015-11-08
CVE-2015-1994 (MEDIUM CVSS 5) | IBM Security QRadar Incident Forens | cvebase.io