How severe is CVE-2021-29883?

Medium severity. CVSS v3 base score is 4.3 out of 10.

Vulnerability in Ibm Transformation Extender Advanced

CVE-2021-29883

IBM Standards Processing Engine (IBM Transformation Extender Advanced 9.0 and 10.0) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a…

EPSS: 0.001 (30.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.0/AC:L/UI:R/S:U/C:L/PR:N/I:N/AV:N/A:N/RL:O/E:U/RC:C.

Affected products

Ibm Transformation Extender Advanced — versions 9.0, 10.0

References

www.ibm.com/support/pages/node/6507077 (x_refsource_CONFIRM)
ibm-spe-cve202129883-info-disc (207090) (vdb-entry, x_refsource_XF)

Frequently asked questions

What is CVE-2021-29883?: CVE-2021-29883 is a medium-severity vulnerability in Ibm Transformation Extender Advanced. CVSS score: 4.3/10. Published 2021-10-21.
How severe is CVE-2021-29883?: Medium severity. CVSS v3 base score is 4.3 out of 10.