4.3

CVE-2014-6153

The Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.05% 0.787
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.ibm.com/support/docview.wss?uid=swg21693379
Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg21693381
Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg21693384
Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg21693387
Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg21693389
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IV64010
https://exchange.xforce.ibmcloud.com/vulnerabilities/97622