fkie_nvd - fkie_cve-2015-1993

fkie_cve-2015-1993

Vulnerability from fkie_nvd

Published

2015-11-08 22:59

Modified

2025-04-12 10:46

Severity ?

Summary

IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session.

References

▶	URL	Tags
	psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21968270	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21968270	Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	security_qradar_incident_forensics	7.2.0
ibm	security_qradar_incident_forensics	7.2.1
ibm	security_qradar_incident_forensics	7.2.2
ibm	security_qradar_incident_forensics	7.2.3
ibm	security_qradar_incident_forensics	7.2.4
ibm	security_qradar_incident_forensics	7.2.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:security_qradar_incident_forensics:7.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D02706E6-8774-4AC8-B14C-9C671AD2AEC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_qradar_incident_forensics:7.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE66EF55-6E6D-4A48-BB35-073E492EE667",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_qradar_incident_forensics:7.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E974127A-CD24-49F9-BAE8-E158C73E5E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_qradar_incident_forensics:7.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DD31091-B460-4CDD-9060-ADC475102F15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_qradar_incident_forensics:7.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "199B0E14-8151-44FF-BB68-5C3F2CEA2D8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:security_qradar_incident_forensics:7.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "460908EA-F6BA-4B87-89C3-F5D554D63A30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session."
    },
    {
      "lang": "es",
      "value": "IBM Security QRadar Incident Forensics 7.2.x en versiones anteriores a 7.2.5 Patch 5 no establece el indicador seguro para cookies no especificadas en una sesi\u00f3n https, lo cual hace que sea m\u00e1s f\u00e1cil para atacantes remotos capturar estas cookies interceptando su transmisi\u00f3n dentro de una sesi\u00f3n http."
    }
  ],
  "evaluatorComment": "\u003ca href=\"https://cwe.mitre.org/data/definitions/614.html\"\u003eCWE-614: Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute\u003c/a\u003e",
  "id": "CVE-2015-1993",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-11-08T22:59:02.557",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968270"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968270"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2015-1993 (GCVE-0-2015-1993)

Vulnerability from cvelistv5

Published

2015-11-08 22:00

Modified

2024-08-06 05:02

Severity ?

CWE

Summary

References

►

URL

Tags

http://www-01.ibm.com/support/docview.wss?uid=swg21968270

x_refsource_CONFIRM