CVE-2015-2025
IBM WebSphere eXtreme Scale 7.1.0-7.1.0.2 and 7.1.1 - Unauthenticated Sensitive Information Exposure via Session Cookie
Title source: llmDescription
IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
References (3)
Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21966044
Patch, Vendor Advisory vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PI44105
Patch, Vendor Advisory vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PI44098
Scores
EPSS
0.0123
EPSS Percentile
65.3%
Details
CWE
CWE-200
Status
published
Products (3)
ibm/websphere_extreme_scale
7.1.0
ibm/websphere_extreme_scale
7.1.0.2
ibm/websphere_extreme_scale
7.1.1
Published
Oct 04, 2015
Tracked Since
Feb 18, 2026