CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
71.4%
The Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | websphere_service_registry_and_repository | 6.3.0 | cpe:2.3:a:ibm:websphere_service_registry_and_repository:6.3.0:*:*:*:*:*:*:* |
ibm | websphere_service_registry_and_repository | 6.3.0.1 | cpe:2.3:a:ibm:websphere_service_registry_and_repository:6.3.0.1:*:*:*:*:*:*:* |
ibm | websphere_service_registry_and_repository | 6.3.0.2 | cpe:2.3:a:ibm:websphere_service_registry_and_repository:6.3.0.2:*:*:*:*:*:*:* |
ibm | websphere_service_registry_and_repository | 6.3.0.3 | cpe:2.3:a:ibm:websphere_service_registry_and_repository:6.3.0.3:*:*:*:*:*:*:* |
ibm | websphere_service_registry_and_repository | 6.3.0.4 | cpe:2.3:a:ibm:websphere_service_registry_and_repository:6.3.0.4:*:*:*:*:*:*:* |
ibm | websphere_service_registry_and_repository | 6.3.0.5 | cpe:2.3:a:ibm:websphere_service_registry_and_repository:6.3.0.5:*:*:*:*:*:*:* |
ibm | websphere_service_registry_and_repository | 7.0.0 | cpe:2.3:a:ibm:websphere_service_registry_and_repository:7.0.0:*:*:*:*:*:*:* |
ibm | websphere_service_registry_and_repository | 7.0.0.1 | cpe:2.3:a:ibm:websphere_service_registry_and_repository:7.0.0.1:*:*:*:*:*:*:* |
ibm | websphere_service_registry_and_repository | 7.0.0.2 | cpe:2.3:a:ibm:websphere_service_registry_and_repository:7.0.0.2:*:*:*:*:*:*:* |
ibm | websphere_service_registry_and_repository | 7.0.0.3 | cpe:2.3:a:ibm:websphere_service_registry_and_repository:7.0.0.3:*:*:*:*:*:*:* |
www-01.ibm.com/support/docview.wss?uid=swg1IV64010
www.ibm.com/support/docview.wss?uid=swg21693379
www.ibm.com/support/docview.wss?uid=swg21693381
www.ibm.com/support/docview.wss?uid=swg21693384
www.ibm.com/support/docview.wss?uid=swg21693387
www.ibm.com/support/docview.wss?uid=swg21693389
exchange.xforce.ibmcloud.com/vulnerabilities/97622