IBM Security QRadar EDR 3.12 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 257702.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2024-07-10T15:28:42.347Z

Updated: 2024-08-02T15:54:12.594Z

Reserved: 2023-05-23T00:32:05.086Z

Link: CVE-2023-33860

cve-icon Vulnrichment

Updated: 2024-08-02T15:54:12.594Z

cve-icon NVD

Status : Modified

Published: 2024-07-10T16:15:03.060

Modified: 2024-11-21T08:06:05.317

Link: CVE-2023-33860

cve-icon Redhat

No data.