CVE-2018-1804

CWE-3845 documents5 sources
Severity
3.7LOW
EPSS
0.1%
top 65.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Security Access ManagerIBM Security Access Manager Appliance
Timeline
PublishedDec 13
Latest updateMay 13

Description

IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 149703.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages2 packages

NVDibm/security_access_manager9.0.1.09.0.5.0

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-pmh3-3hgp-482h: IBM Security Access Manager Appliance 92022-05-13
CVEList
CVE-2018-1804: IBM Security Access Manager Appliance 92018-12-13

💥Exploits & PoCs

1
Exploit-DB
Nagios XI 5.5.6 - Remote Code Execution / Privilege Escalation2019-01-23

💬Community

1
Bugzilla
CVE-2018-1000060 sensu: Password exposure in warn level log when configured for multiple rabbitMQ connections2018-02-02