CVE-2015-1993
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session.
IBM Security QRadar Incident Forensics 7.2.x en versiones anteriores a 7.2.5 Patch 5 no establece el indicador seguro para cookies no especificadas en una sesión https, lo cual hace que sea más fácil para atacantes remotos capturar estas cookies interceptando su transmisión dentro de una sesión http.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-02-19 CVE Reserved
- 2015-11-08 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21968270 | 2015-11-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ibm Search vendor "Ibm" | Security Qradar Incident Forensics Search vendor "Ibm" for product "Security Qradar Incident Forensics" | 7.2.0 Search vendor "Ibm" for product "Security Qradar Incident Forensics" and version "7.2.0" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Security Qradar Incident Forensics Search vendor "Ibm" for product "Security Qradar Incident Forensics" | 7.2.1 Search vendor "Ibm" for product "Security Qradar Incident Forensics" and version "7.2.1" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Security Qradar Incident Forensics Search vendor "Ibm" for product "Security Qradar Incident Forensics" | 7.2.2 Search vendor "Ibm" for product "Security Qradar Incident Forensics" and version "7.2.2" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Security Qradar Incident Forensics Search vendor "Ibm" for product "Security Qradar Incident Forensics" | 7.2.3 Search vendor "Ibm" for product "Security Qradar Incident Forensics" and version "7.2.3" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Security Qradar Incident Forensics Search vendor "Ibm" for product "Security Qradar Incident Forensics" | 7.2.4 Search vendor "Ibm" for product "Security Qradar Incident Forensics" and version "7.2.4" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Security Qradar Incident Forensics Search vendor "Ibm" for product "Security Qradar Incident Forensics" | 7.2.5 Search vendor "Ibm" for product "Security Qradar Incident Forensics" and version "7.2.5" | - |
Affected
| ||||||