IBM Security Guardium Big Data Intelligence (SonarG) has addressed the following vulnerability.
CVEID: CVE-2019-4330 DESCRIPTION: IBM Security Guardium Big Data Intelligence (SonarG) does not set the secure attribute for cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session.
CVSS Base Score: 3.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/161210> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)
Affected IBM Security Guardium Big Data Intelligence (SonarG)
|
Affected Versions
—|—
IBM Security Guardium Big Data Intelligence (SonarG) | 4.0
Product
|
VRMF
|
Remediation / First Fix
—|—|—
IBM Security Guardium Big Data Intelligence (SonarG) | 4.0 | rhel7.x_IBM_Guardium_big_data_security_installer_4.1.0.tar.gz
None