CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-1480

IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the 'HttpOnly' attribute on authorization tokens or session cookies. If a Cross-Site Scripting vulnerability also existed attackers may be able to get the cookie values via malicious JavaScript and then hijack the user session. IBM X-Force ID: 140762.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 32.3%

CVSS Severity

CVSS v3 Score 4.0

CVSS v2 Score 5.0

References

Products affected by CVE-2018-1480

Ibm » Bigfix Platform » Version: 9.2.0

cpe:2.3:a:ibm:bigfix_platform:9.2.0
Ibm » Bigfix Platform » Version: 9.2.1

cpe:2.3:a:ibm:bigfix_platform:9.2.1
Ibm » Bigfix Platform » Version: 9.2.10

cpe:2.3:a:ibm:bigfix_platform:9.2.10
Ibm » Bigfix Platform » Version: 9.2.11

cpe:2.3:a:ibm:bigfix_platform:9.2.11
Ibm » Bigfix Platform » Version: 9.2.12

cpe:2.3:a:ibm:bigfix_platform:9.2.12
Ibm » Bigfix Platform » Version: 9.2.13

cpe:2.3:a:ibm:bigfix_platform:9.2.13
Ibm » Bigfix Platform » Version: 9.2.14

cpe:2.3:a:ibm:bigfix_platform:9.2.14
Ibm » Bigfix Platform » Version: 9.2.2

cpe:2.3:a:ibm:bigfix_platform:9.2.2
Ibm » Bigfix Platform » Version: 9.2.3

cpe:2.3:a:ibm:bigfix_platform:9.2.3
Ibm » Bigfix Platform » Version: 9.2.4

cpe:2.3:a:ibm:bigfix_platform:9.2.4
Ibm » Bigfix Platform » Version: 9.2.5

cpe:2.3:a:ibm:bigfix_platform:9.2.5
Ibm » Bigfix Platform » Version: 9.2.6

cpe:2.3:a:ibm:bigfix_platform:9.2.6
Ibm » Bigfix Platform » Version: 9.2.7

cpe:2.3:a:ibm:bigfix_platform:9.2.7
Ibm » Bigfix Platform » Version: 9.2.8

cpe:2.3:a:ibm:bigfix_platform:9.2.8
Ibm » Bigfix Platform » Version: 9.2.9

cpe:2.3:a:ibm:bigfix_platform:9.2.9
Ibm » Bigfix Platform » Version: 9.5

cpe:2.3:a:ibm:bigfix_platform:9.5
Ibm » Bigfix Platform » Version: 9.5.0

cpe:2.3:a:ibm:bigfix_platform:9.5.0
Ibm » Bigfix Platform » Version: 9.5.1

cpe:2.3:a:ibm:bigfix_platform:9.5.1
Ibm » Bigfix Platform » Version: 9.5.2

cpe:2.3:a:ibm:bigfix_platform:9.5.2
Ibm » Bigfix Platform » Version: 9.5.3

cpe:2.3:a:ibm:bigfix_platform:9.5.3
Ibm » Bigfix Platform » Version: 9.5.4

cpe:2.3:a:ibm:bigfix_platform:9.5.4
Ibm » Bigfix Platform » Version: 9.5.5

cpe:2.3:a:ibm:bigfix_platform:9.5.5
Ibm » Bigfix Platform » Version: 9.5.6

cpe:2.3:a:ibm:bigfix_platform:9.5.6
Ibm » Bigfix Platform » Version: 9.5.7

cpe:2.3:a:ibm:bigfix_platform:9.5.7
Ibm » Bigfix Platform » Version: 9.5.8

cpe:2.3:a:ibm:bigfix_platform:9.5.8
Ibm » Bigfix Platform » Version: 9.5.9

cpe:2.3:a:ibm:bigfix_platform:9.5.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-1480

Products

Pricing

Contact Us