IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 296001.
References
Link | Resource |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/296001 | VDB Entry Vendor Advisory |
https://www.ibm.com/support/pages/node/7160185 | Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/296001 | VDB Entry Vendor Advisory |
https://www.ibm.com/support/pages/node/7160185 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 09:28
Type | Values Removed | Values Added |
---|---|---|
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/296001 - VDB Entry, Vendor Advisory | |
References | () https://www.ibm.com/support/pages/node/7160185 - Vendor Advisory |
18 Sep 2024, 12:50
Type | Values Removed | Values Added |
---|---|---|
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/296001 - VDB Entry, Vendor Advisory | |
References | () https://www.ibm.com/support/pages/node/7160185 - Vendor Advisory | |
CPE | cpe:2.3:a:ibm:datacap:9.1.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:* cpe:2.3:a:ibm:datacap:9.1.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:* |
|
CWE | CWE-565 | |
First Time |
Ibm datacap
Ibm |
15 Jul 2024, 13:00
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
14 Jul 2024, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-14 13:15
Updated : 2024-11-21 09:28
NVD link : CVE-2024-39734
Mitre link : CVE-2024-39734
CVE.ORG link : CVE-2024-39734
JSON object : View
Products Affected
ibm
- datacap
CWE
CWE-565
Reliance on Cookies without Validation and Integrity Checking