3.7
CVE-2023-33847
- EPSS 0.07%
- Published 08.06.2023 01:15:09
- Last modified 21.11.2024 08:06:04
- Source psirt@us.ibm.com
- Teams watchlist Login
- Open Login
IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 257102.
Data is provided by the National Vulnerability Database (NVD)
Ibm ≫ Txseries For Multiplatform Version8.1
Ibm ≫ Txseries For Multiplatform Version >= 8.2 < 8.2.0.2
Ibm ≫ Txseries For Multiplatform Version >= 9.1 < 9.1.0.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.207 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 3.1 | 1.6 | 1.4 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
|
| psirt@us.ibm.com | 3.7 | 2.2 | 1.4 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
|