CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4688
https://notcve.org/view.php?id=CVE-2019-4688
26 Aug 2020 — IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 171825. IBM Security Guardium Data Encryption (GDE) versión 3.0.0.2, no establece el atributo seguro en tokens... • https://exchange.xforce.ibmcloud.com/vulnerabilities/171825 • CWE-565: Reliance on Cookies without Validation and Integrity Checking •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4686
https://notcve.org/view.php?id=CVE-2019-4686
26 Aug 2020 — IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 171822. IBM Security Guardium Data Encryption (GDE) versión 3.0.0.2, no establece el atributo seguro en tokens... • https://exchange.xforce.ibmcloud.com/vulnerabilities/171822 • CWE-311: Missing Encryption of Sensitive Data •