CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-0905

IBM InfoSphere BigInsights 2.0 through 2.1.2 does not set the secure flag for the LTPA cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 40.9%

CVSS Severity

CVSS v2 Score 2.9

References

http://www-01.ibm.com/support/docview.wss?uid=swg21680830
https://exchange.xforce.ibmcloud.com/vulnerabilities/91720
http://www-01.ibm.com/support/docview.wss?uid=swg21680830
https://exchange.xforce.ibmcloud.com/vulnerabilities/91720

Products affected by CVE-2014-0905

Ibm » Infosphere Biginsights » Version: 2.0.0.0

cpe:2.3:a:ibm:infosphere_biginsights:2.0.0.0
Ibm » Infosphere Biginsights » Version: 2.1.0.0

cpe:2.3:a:ibm:infosphere_biginsights:2.1.0.0
Ibm » Infosphere Biginsights » Version: 2.1.1.0

cpe:2.3:a:ibm:infosphere_biginsights:2.1.1.0
Ibm » Infosphere Biginsights » Version: 2.1.2.0

cpe:2.3:a:ibm:infosphere_biginsights:2.1.2.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-0905

Products

Pricing

Contact Us