CVE-2015-7427: Sensitive Information Exposure in IBM DataPower Gateway

Severity
5.0 MEDIUM (NVD)
EPSS
0.2%
top 54.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Nov 14
Latest update: May 17

Description

IBM DataPower Gateway appliances with firmware 6.x before 6.0.0.17, 6.0.1.x before 6.0.1.17, 7.x before 7.0.0.10, 7.1.0.x before 7.1.0.7, and 7.2.x before 7.2.0.1 do not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session.

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages: 1 package

NVD: ibm/datapower_gateway 6.0.0.16 (+35)

🔴 Vulnerability Details

2
GHSA
GHSA-xc6q-4cv7-5wqw: IBM DataPower Gateway appliances with firmware 6 (2022-05-17)
CVEList
CVE-2015-7427: IBM DataPower Gateway appliances with firmware 6 (2015-11-14)

💥 Exploits & PoCs

1
Exploit-DB
usb-creator 0.2.x (Ubuntu 12.04/14.04/14.10) - Local Privilege Escalation (2015-04-23)