CVE-2019-4330

MEDIUM

IBM Security Guardium Big Data Intelligence - Info Disclosure

Title source: llm

Description

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 does not set the secure attribute for cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session. IBM X-Force ID: 161210.

References (2)

[Patch, Vendor Advisory] https://www.ibm.com/support/pages/node/1096384

[VDB Entry, Vendor Advisory] https://exchange.xforce.ibmcloud.com/vulnerabilities/161210

Scores

CVSS v3 4.3

EPSS 0.0028

EPSS Percentile 51.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Details

CWE

CWE-565

Status published

Products (1)

ibm/security_guardium_big_data_intelligence 4.0

Published Oct 29, 2019

Tracked Since Feb 18, 2026