IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x before 4.0.7, and 5.x before 5.0.1; and other Rational products, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
No CVSS v3.1
No CVSS v3.0
Metric | Value |
---|---|
Access Vector | Network |
Access Complexity | Low |
Authentication | None |
Confidentiality Impact | Partial |
Integrity Impact | None |
Availability Impact | None |
Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Vendors | Products |
---|---|
IBM | |
References
Link | Resource |
---|---|
http://www-01.ibm.com/support/docview.wss?uid=swg21682787 | Patch Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/94258 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: ibm
Published: 2014-09-12T01:00:00
Updated: 2017-08-28T12:57:01
Reserved: 2014-04-29T00:00:00
Link: CVE-2014-3092
NVD Information
Status: Modified
Published: 2014-09-12T01:55:06.810
Modified: 2017-08-29T01:34:39.060
Link: CVE-2014-3092
Redhat Information
No data.
CWE