Insecure Session Management in IBM Security Secret Server 10.7

Insecure Session Management in IBM Security Secret Server 10.7

CVE-2019-4638 · LOW Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

IBM Security Secret Server 10.7 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 170044.

Learn more about our Cis Benchmark Audit For Server Software.