CVE-2015-7427

IBM DataPower Gateway appliances with firmware 6.x before 6.0.0.17, 6.0.1.x before 6.0.1.17, 7.x before 7.0.0.10, 7.1.0.x before 7.1.0.7, and 7.2.x before 7.2.0.1 do not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
ibmdatapower_gateway
𝑥
≤ 6.0.0.16
ibmdatapower_gateway
6.0.1.0
ibmdatapower_gateway
6.0.1.1
ibmdatapower_gateway
6.0.1.2
ibmdatapower_gateway
6.0.1.3
ibmdatapower_gateway
6.0.1.4
ibmdatapower_gateway
6.0.1.5
ibmdatapower_gateway
6.0.1.6
ibmdatapower_gateway
6.0.1.7
ibmdatapower_gateway
6.0.1.8
ibmdatapower_gateway
6.0.1.9
ibmdatapower_gateway
6.0.1.10
ibmdatapower_gateway
6.0.1.11
ibmdatapower_gateway
6.0.1.12
ibmdatapower_gateway
6.0.1.13
ibmdatapower_gateway
6.0.1.14
ibmdatapower_gateway
6.0.1.15
ibmdatapower_gateway
6.0.1.16
ibmdatapower_gateway
7.0.0.0
ibmdatapower_gateway
7.0.0.1
ibmdatapower_gateway
7.0.0.2
ibmdatapower_gateway
7.0.0.3
ibmdatapower_gateway
7.0.0.4
ibmdatapower_gateway
7.0.0.5
ibmdatapower_gateway
7.0.0.6
ibmdatapower_gateway
7.0.0.7
ibmdatapower_gateway
7.0.0.8
ibmdatapower_gateway
7.0.0.9
ibmdatapower_gateway
7.1.0.0
ibmdatapower_gateway
7.1.0.1
ibmdatapower_gateway
7.1.0.2
ibmdatapower_gateway
7.1.0.3
ibmdatapower_gateway
7.1.0.4
ibmdatapower_gateway
7.1.0.5
ibmdatapower_gateway
7.1.0.6
ibmdatapower_gateway
7.2.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg1IT10279
http://www-01.ibm.com/support/docview.wss?uid=swg21969342
http://www-01.ibm.com/support/docview.wss?uid=swg1IT10279
http://www-01.ibm.com/support/docview.wss?uid=swg21969342