Failure to Set HTTPOnly Flag in IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 Allows Remote Information Disclosure

Failure to Set HTTPOnly Flag in IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 Allows Remote Information Disclosure

CVE-2021-20416 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 196218.

Learn more about our Web Application Penetration Testing UK.