CVE-2016-0351

Severity
3.7 LOW
EPSS
0.2%
top 61.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Feb 21
Latest update: May 14

Description

IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 does not set the secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. IBM X-Force ID: 111890.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.2 | Impact: 1.4

Affected Packages: 1 package

Patches

🔴 Vulnerability Details

2
GHSA
GHSA-66rp-jj47-55pw: IBM Security Identity Manager Virtual Appliance 7 (2022-05-14)
CVEList
CVE-2016-0351: IBM Security Identity Manager Virtual Appliance 7 (2018-02-21)

💬 Community

2
Bugzilla
CVE-2016-1906 Kubernetes api server: build config to a strategy that isn't allowed by policy (2016-01-12)
Bugzilla
CVE-2016-1905 Kubernetes api server: patch operation should use patched object to check admission control (2016-01-12)