Information disclosure in Ibm Websphere_extreme_scale
CVE-2015-2025
IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transm…
Vulnerability class: Information Disclosure
EPSS: 0.012 (65.2th percentile) — read the EPSS interpretation.
Affected products
- Ibm Websphere_extreme_scale — versions 7.1.0, 7.1.0.2, 7.1.1
- N/a — versions n/a
Weakness classification (CWE)
References
- psirt@us.ibm.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
- psirt@us.ibm.com (vendor-advisory, Patch, Vendor Advisory, x_refsource_AIXAPAR)
- psirt@us.ibm.com (vendor-advisory, Patch, Vendor Advisory, x_refsource_AIXAPAR)