CVE-2015-2025: IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 does not set the secure flag for the session cookie in an https session, which makes…

medium4.3CVSS 3.1

AVNACMAuNCPINAN

IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

Affected

32 ranges· showing 25

Vendor	Product	Version range	Fixed in
ibm	websphere_extreme_scale	—	—
ibm	websphere_extreme_scale	—	—
ibm	websphere_extreme_scale	—	—
msrc	azl3_audiofile_0.3.6-27_on_azure_linux_3.0	—	—
msrc	azl3_boost_1.83.0-2_on_azure_linux_3.0	—	—
msrc	azl3_cal10n_0.8.1.10-1_on_azure_linux_3.0	—	—
msrc	azl3_ceph_18.2.2-1_on_azure_linux_3.0	—	—
msrc	azl3_ceph_18.2.2-8_on_azure_linux_3.0	—	—
msrc	azl3_fontawesome4-fonts_4.7.0-12_on_azure_linux_3.0	—	—
msrc	azl3_javapackages-bootstrap_1.14.0-2_on_azure_linux_3.0	—	—
msrc	azl3_mozjs_102.15.1-1_on_azure_linux_3.0	—	—
msrc	azl3_openscap_1.3.9-1_on_azure_linux_3.0	—	—
msrc	azl3_orangefs_2.9.8-3_on_azure_linux_3.0	—	—
msrc	azl3_python-blinker_1.7.0-4_on_azure_linux_3.0	—	—
msrc	azl3_python-tensorboard_2.16.2-6_on_azure_linux_3.0	—	—
msrc	azl3_rust_1.75.0-14_on_azure_linux_3.0	—	—
msrc	azl3_rust_1.86.0-1_on_azure_linux_3.0	—	—
msrc	azl3_scons_4.6.0-1_on_azure_linux_3.0	—	—
msrc	azl3_slf4j_1.7.30-6_on_azure_linux_3.0	—	—
msrc	azl3_slf4j_2.0.7-1_on_azure_linux_3.0	—	—
msrc	azure_linux_3.0_arm	—	—
msrc	azure_linux_3.0_x64	—	—
msrc	cbl2_cpio_2.13-5_on_cbl_mariner_2.0	—	—
msrc	cbl2_orangefs_2.9.8-3_on_cbl_mariner_2.0	—	—
msrc	cbl2_squashfs-tools_4.5-1_on_cbl_mariner_2.0	—	—

CVSS provenance

nvd4.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N

cisa9.8CRITICAL