CVE-2018-1480
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the 'HttpOnly' attribute on authorization tokens or session cookies. If a Cross-Site Scripting vulnerability also existed attackers may be able to get the cookie values via malicious JavaScript and then hijack the user session. IBM X-Force ID: 140762.
IBM BigFix Platform, desde la versón 9.2.0 hasta la 9.2.14 y desde la versión 9.5 hasta la 9.5.9, no establece el atributo "HttpOnly" en los tokens de autorización o en las cookies de sesión. Si también existiese una vulnerabilidad Cross-Site Scripting (XSS), los atacantes podrían obtener los valores de la cookie mediante JavaScript malicioso y, después, secuestrar la sesión de usuario. IBM X-Force ID: 140762.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-12-13 CVE Reserved
- 2018-12-12 CVE Published
- 2024-05-02 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-384: Session Fixation
CAPEC
References (2)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/140762 | 2019-10-09 | |
https://www.ibm.com/support/docview.wss?uid=ibm10733605 | 2019-10-09 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Ibm Search vendor "Ibm" | Bigfix Platform Search vendor "Ibm" for product "Bigfix Platform" | >= 9.2.0 <= 9.2.14 Search vendor "Ibm" for product "Bigfix Platform" and version " >= 9.2.0 <= 9.2.14" | - |
Affected
| ||||||
Ibm Search vendor "Ibm" | Bigfix Platform Search vendor "Ibm" for product "Bigfix Platform" | >= 9.5 <= 9.5.9 Search vendor "Ibm" for product "Bigfix Platform" and version " >= 9.5 <= 9.5.9" | - |
Affected
|