CVE-2015-7427
IBM DataPower Gateway <6.0.0.17, <6.0.1.17, <7.0.0.10, <7.1.0.7, <7...
Title source: llmDescription
IBM DataPower Gateway appliances with firmware 6.x before 6.0.0.17, 6.0.1.x before 6.0.1.17, 7.x before 7.0.0.10, 7.1.0.x before 7.1.0.7, and 7.2.x before 7.2.0.1 do not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21969342
Various Sources vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IT10279
Scores
EPSS
0.0120
EPSS Percentile
64.4%
Details
CWE
CWE-200
Status
published
Products (36)
ibm/datapower_gateway
6.0.1.0
ibm/datapower_gateway
6.0.1.1
ibm/datapower_gateway
6.0.1.2
ibm/datapower_gateway
6.0.1.3
ibm/datapower_gateway
6.0.1.4
ibm/datapower_gateway
6.0.1.5
ibm/datapower_gateway
6.0.1.6
ibm/datapower_gateway
6.0.1.7
ibm/datapower_gateway
6.0.1.8
ibm/datapower_gateway
6.0.1.9
... and 26 more
Published
Nov 14, 2015
Tracked Since
Feb 18, 2026