CVE-2019-4214
Severity
3.7LOW
EPSS
0.2%
top 63.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 22
Latest updateMay 24
Description
IBM SmartCloud Analytics 1.3.1 through 1.3.5 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 159185.
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.2 | Impact: 1.4