CVE-2019-4214

Published: Nov 22, 2019Modified: Nov 21, 2024

3.7

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.2 / Impact: 1.4

Source: NVD

Description

IBM SmartCloud Analytics 1.3.1 through 1.3.5 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 159185.

Affected (1)

Products: Ibm: Smartcloud Analytics Log Analysis

Ibm

1 product

Smartcloud Analytics Log Analysis

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ibm Smartcloud Analytics Log Analysis	From 1.3.1 to 1.3.5

Related CWEs

CWE-311

Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

CWE-732

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (4)

https://exchange.xforce.ibmcloud.com/vulnerabilities/159185

Source: psirt@us.ibm.com

VDB EntryVendor Advisory

https://www.ibm.com/support/pages/node/1110171

Source: psirt@us.ibm.com

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/159185

Source: af854a3a-2127-422b-91ae-364da2661108

VDB EntryVendor Advisory

https://www.ibm.com/support/pages/node/1110171

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.