IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.
References
Link | Resource |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/351213 | VDB Entry Vendor Advisory |
https://www.ibm.com/support/pages/node/7168234 | Vendor Advisory |
Configurations
History
20 Sep 2024, 17:28
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:ibm:concert:1.0:*:*:*:*:*:*:* | |
First Time |
Ibm
Ibm concert |
|
CWE | CWE-319 | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/351213 - VDB Entry, Vendor Advisory | |
References | () https://www.ibm.com/support/pages/node/7168234 - Vendor Advisory |
13 Sep 2024, 14:06
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
13 Sep 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-13 02:15
Updated : 2024-09-20 17:28
NVD link : CVE-2024-43180
Mitre link : CVE-2024-43180
CVE.ORG link : CVE-2024-43180
JSON object : View
Products Affected
ibm
- concert