Page 3 of 7183 results (0.010 seconds)

CVSS: 3.7EPSS: 0%CPEs: 1EXPL: 0

IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. • https://www.ibm.com/support/pages/node/7169766 • CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and IBM Cognos Analytics Reports for iOS 11.0.0.7 could allow a local attacker to obtain sensitive information in the form of an API key. An attacker could use this information to launch further attacks against affected applications. • https://www.ibm.com/support/pages/node/7160700 https://www.ibm.com/support/pages/node/7168038 • CWE-522: Insufficiently Protected Credentials •

CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0

IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system. • https://exchange.xforce.ibmcloud.com/vulnerabilities/294742 https://www.ibm.com/support/pages/node/7168379 • CWE-613: Insufficient Session Expiration •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. • https://exchange.xforce.ibmcloud.com/vulnerabilities/351213 https://www.ibm.com/support/pages/node/7168234 • CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute •

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0

IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification. • https://www.ibm.com/support/pages/node/7167255 • CWE-650: Trusting HTTP Permission Methods on the Server Side •