CVE-2018-1804
First published: Thu Dec 13 2018(Updated: )
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 149703.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Security Access Manager | >=9.0.1.0<=9.0.5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this security vulnerability?
The vulnerability ID is CVE-2018-1804.
What is the severity of CVE-2018-1804?
The severity of CVE-2018-1804 is medium.
What is the affected software for CVE-2018-1804?
The affected software for CVE-2018-1804 is IBM Security Access Manager Appliance versions 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0.
What is the description of CVE-2018-1804?
CVE-2018-1804 is a vulnerability in IBM Security Access Manager Appliance that does not set the secure attribute on authorization tokens or session cookies, allowing an attacker to obtain sensitive information using man-in-the-middle techniques.
How can I fix CVE-2018-1804?
To fix CVE-2018-1804, upgrade to a version of IBM Security Access Manager Appliance that sets the secure attribute on authorization tokens and session cookies.
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/event
- agent/weakness
- agent/description
- agent/tags
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/ibm
- canonical/ibm security access manager
- version/ibm security access manager/9.0.1.0
- version/ibm security access manager/9.0.5.0