CVE-2015-2025

Published: Oct 4, 2015Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

Affected (3)

Products: Ibm: Websphere Extreme Scale

1 product

Websphere Extreme Scale

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Ibm Websphere Extreme Scale	Version 7.1.0.2
Ibm Websphere Extreme Scale	Version 7.1.0
Ibm Websphere Extreme Scale	Version 7.1.1

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://www-01.ibm.com/support/docview.wss?uid=swg1PI44098

Source: psirt@us.ibm.com

PatchVendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg1PI44105

Source: psirt@us.ibm.com

PatchVendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21966044

Source: psirt@us.ibm.com

PatchVendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg1PI44098

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg1PI44105

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21966044

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.