CVE-2019-4638
First published: Wed Jan 08 2020(Updated: )
IBM Security Secret Server 10.7 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 170044.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Security Secret Server | <10.7.000059 | |
| <=All |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-4638?
CVE-2019-4638 is a vulnerability in IBM Security Secret Server 10.7 that allows an attacker to obtain sensitive information using man-in-the-middle techniques.
How does CVE-2019-4638 work?
CVE-2019-4638 works by not setting the secure attribute on authorization tokens or session cookies, making it susceptible to man-in-the-middle attacks.
What is the severity of CVE-2019-4638?
CVE-2019-4638 has a severity rating of medium with a value of 3.7.
How can I fix CVE-2019-4638?
To fix CVE-2019-4638, update IBM Security Secret Server to version 10.7.000059 or later, which sets the secure attribute on authorization tokens and session cookies.
Where can I find more information about CVE-2019-4638?
You can find more information about CVE-2019-4638 on the IBM X-Force ID page (https://exchange.xforce.ibmcloud.com/vulnerabilities/170044) and the IBM support page (https://www.ibm.com/support/pages/node/1283236).
- collector/nvd-index
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/remedy
- agent/weakness
- agent/author
- agent/severity
- agent/description
- agent/softwarecombine
- agent/tags
- agent/event
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- vendor/ibm
- canonical/ibm security secret server
- version/ibm security secret server/all