IBM Security QRadar EDR 3.12 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 257702.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: ibm
Published: 2024-07-10T15:28:42.347Z
Updated: 2024-08-02T15:54:12.594Z
Reserved: 2023-05-23T00:32:05.086Z
Link: CVE-2023-33860
Vulnrichment
Updated: 2024-08-02T15:54:12.594Z
NVD
Status : Modified
Published: 2024-07-10T16:15:03.060
Modified: 2024-11-21T08:06:05.317
Link: CVE-2023-33860
Redhat
No data.