CVE-2016-0353

Severity
3.7 LOW
EPSS
0.2%
top 56.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Nov 24
Latest update: May 17

Description

IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.2 | Impact: 1.4

Affected Packages (1 package)

NVD: ibm/security_privileged_identity_manager 2.0.0, 2.0.1, 2.0.2 (+2)

Vulnerability Details (2)

GHSA
GHSA-cpgm-4992-865g: IBM Security Privileged Identity Manager 2 (2022-05-17)
CVEList
CVE-2016-0353: IBM Security Privileged Identity Manager 2 (2016-11-24)