CVE-2021-29769
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 202769.
IBM i2 Analyst's Notebook Premium (IBM i2 Analyze versiones 4.3.0, 4.3.1 y 4.3.2) no establece el atributo de seguridad en los tokens de autorización o las cookies de sesión. Unos atacantes pueden ser capaces de obtener los valores de las cookies enviando un enlace http:// a un usuario o al plantar este enlace en un sitio al que el usuario vaya. La cookie se enviará al enlace inseguro y el atacante podrá entonces obtener el valor de la cookie al espiar el tráfico. IBM X-Force ID: 202769
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-03-31 CVE Reserved
- 2021-07-26 CVE Published
- 2024-09-16 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-319: Cleartext Transmission of Sensitive Information
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.ibm.com/support/pages/node/6474883 | 2021-08-03 |
| URL | Date | SRC |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/202769 | 2021-08-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ibm Search vendor "Ibm" | I2 Analyze Search vendor "Ibm" for product "I2 Analyze" | 4.3.0 Search vendor "Ibm" for product "I2 Analyze" and version "4.3.0" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Ibm Search vendor "Ibm" | I2 Analyze Search vendor "Ibm" for product "I2 Analyze" | 4.3.0 Search vendor "Ibm" for product "I2 Analyze" and version "4.3.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Ibm Search vendor "Ibm" | I2 Analyze Search vendor "Ibm" for product "I2 Analyze" | 4.3.1 Search vendor "Ibm" for product "I2 Analyze" and version "4.3.1" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Ibm Search vendor "Ibm" | I2 Analyze Search vendor "Ibm" for product "I2 Analyze" | 4.3.1 Search vendor "Ibm" for product "I2 Analyze" and version "4.3.1" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Ibm Search vendor "Ibm" | I2 Analyze Search vendor "Ibm" for product "I2 Analyze" | 4.3.2 Search vendor "Ibm" for product "I2 Analyze" and version "4.3.2" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Ibm Search vendor "Ibm" | I2 Analyze Search vendor "Ibm" for product "I2 Analyze" | 4.3.2 Search vendor "Ibm" for product "I2 Analyze" and version "4.3.2" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|