CVE-2019-4330

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 does not set the secure attribute for cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session. IBM X-Force ID: 161210.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
ibmCNA
3.1 LOW
NETWORK
HIGH
NONE
CVSS:3.0/PR:N/I:N/AC:H/S:U/A:N/AV:N/C:L/UI:R/RL:O/RC:C/E:U
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
VendorProductVersion
ibmsecurity_guardium_big_data_intelligence
4.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/161210
https://www.ibm.com/support/pages/node/1096384
https://exchange.xforce.ibmcloud.com/vulnerabilities/161210
https://www.ibm.com/support/pages/node/1096384