What is CVE-2018-1480?

CVE-2018-1480 is a medium-severity vulnerability in Ibm Bigfix Platform. CVSS score: 4.0/10. Published 2018-12-12.

How severe is CVE-2018-1480?

Medium severity. CVSS v3 base score is 4.0 out of 10.

Vulnerability in Ibm Bigfix Platform

CVE-2018-1480

IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the 'HttpOnly' attribute on authorization tokens or session cookies. If a Cross-Site Scripting vulnerability also existed attackers may be able to get the cookie v…

EPSS: 0.001 (30.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.0 (Medium). Vector: CVSS:3.0/A:N/AC:H/AV:N/C:L/I:N/PR:N/S:C/UI:N/E:H/RC:C/RL:O.

Affected products

Ibm Bigfix Platform — versions 9.2.14, 9.5.9, 9.5.0

References

ibm-bigfix-cve20181480-xss(140762) (vdb-entry, x_refsource_XF)
www.ibm.com/support/docview.wss (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2018-1480?: CVE-2018-1480 is a medium-severity vulnerability in Ibm Bigfix Platform. CVSS score: 4.0/10. Published 2018-12-12.
How severe is CVE-2018-1480?: Medium severity. CVSS v3 base score is 4.0 out of 10.