CVE-2015-0102
HIGHIBM Workflow for Bluemix - Session Cookie Secure Flag Missing
Title source: llmDescription
IBM Workflow for Bluemix does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
References (3)
Core 3
Core References
Broken Link x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21694941
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/bid/74220
Scores
CVSS v3
8.1
EPSS
0.0171
EPSS Percentile
74.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Details
CWE
CWE-287
Status
published
Products (1)
ibm/workflow
Published
Feb 05, 2020
Tracked Since
Feb 18, 2026