CVE-2017-1228
low
CVSS v3
3.7
CVSS v2
4.3
VIR risk
3.7
Description
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable the secure cookie attribute. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 123907.
Predictions
Exploit likelihood
47%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@us.ibm.com — https://exchange.xforce.ibmcloud.com/vulnerabilities/123907
Vendor advisory: psirt@us.ibm.com — http://www.ibm.com/support/docview.wss?uid=swg22009673
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| ibm | bigfix_platform | 9.2 | |
| ibm | bigfix_platform | 9.5 | |
References
- http://www.ibm.com/support/docview.wss?uid=swg22009673
- http://www.securityfocus.com/bid/101571
- https://exchange.xforce.ibmcloud.com/vulnerabilities/123907
- http://www.ibm.com/support/docview.wss?uid=swg22009673
- http://www.securityfocus.com/bid/101571
- https://exchange.xforce.ibmcloud.com/vulnerabilities/123907
CWEs
CWE-200
Verify integrity in audit chain (admin only). AS-IS.