CVE-2019-4214

LOW

IBM Smartcloud Analytics Log Analysis - Incorrect Permission Assign...

Title source: rule
STIX 2.1

Description

IBM SmartCloud Analytics 1.3.1 through 1.3.5 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 159185.

References (2)

Scores

CVSS v3 3.7
EPSS 0.0015
EPSS Percentile 35.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-732 CWE-311
Status published
Products (1)
ibm/smartcloud_analytics_log_analysis 1.3.1 - 1.3.5
Published Nov 22, 2019
Tracked Since Feb 18, 2026