Information disclosure in IBM DataPower Gateway
CVE-2015-7427
IBM DataPower Gateway appliances with firmware 6.x before 6.0.0.17, 6.0.1.x before 6.0.1.17, 7.x before 7.0.0.10, 7.1.0.x before 7.1.0.7, and 7.2.x before 7.2.0.1 do not set the secure flag for unspecified cookies in an https session, whic…
Vulnerability class: Information Disclosure
EPSS: 0.002 (45.3rd percentile)
Affected products
- IBM DataPower Gateway — versions 6.0.1.0, 6.0.1.1, 6.0.1.2
Weakness classification (CWE)
References
- IT10279 (vendor-advisory, x_refsource_AIXAPAR)
- psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)