CVE-2014-0905

IBM InfoSphere BigInsights 2.0 through 2.1.2 does not set the secure flag for the LTPA cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

Published: Aug 18, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-0905
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.9
AV:A/AC:M/Au:N/C:P/I:N/A:N

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
ibm / infosphere_biginsights	2.0.0.0	2.0.0.0.x
ibm / infosphere_biginsights	2.1.0.0	2.1.0.0.x
ibm / infosphere_biginsights	2.1.1.0	2.1.1.0.x
ibm / infosphere_biginsights	2.1.2.0	2.1.2.0.x

http://www-01.ibm.com/support/docview.wss?uid=swg21680830
https://exchange.xforce.ibmcloud.com/vulnerabilities/91720

Vulnerability Database

289,784

CVE-2014-0905