CVE-2015-2025

IBM WebSphere eXtreme Scale 7.1.0-7.1.0.2 and 7.1.1 - Unauthenticated Sensitive Information Exposure via Session Cookie

Title source: llm
STIX 2.1

Description

IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

References (3)

Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21966044
Patch, Vendor Advisory vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PI44105
Patch, Vendor Advisory vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PI44098

Scores

EPSS 0.0123
EPSS Percentile 65.3%

Details

CWE
CWE-200
Status published
Products (3)
ibm/websphere_extreme_scale 7.1.0
ibm/websphere_extreme_scale 7.1.0.2
ibm/websphere_extreme_scale 7.1.1
Published Oct 04, 2015
Tracked Since Feb 18, 2026