VDB
CVE-2023-46179
CVE-2023-46179
PUBLISHED
CVSS 4.300000190734863 MEDIUM
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 269683.
EPSS 0.04% · 11.1th percentile
Risk Scores
CVSS 3.1
4.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
EPSS Score
0.04%
11.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | Secure Proxy | 6.0.3, 6.1.0 |
| ibm | sterling_secure_proxy | 6.0.3, 6.1.0 |
Timeline
- Mar 15, 2024 CVE Published
- Mar 16, 2024 EPSS Score
- Apr 11, 2024 EPSS Score
- May 7, 2024 EPSS Score
- Jun 2, 2024 EPSS Score
- Jun 28, 2024 EPSS Score
- Jul 24, 2024 EPSS Score
- Aug 19, 2024 EPSS Score
- Sep 14, 2024 EPSS Score
- Oct 10, 2024 EPSS Score
- Nov 5, 2024 EPSS Score
- Dec 2, 2024 EPSS Score
References
- https://www.ibm.com/support/pages/node/7142038 vendor-advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/269683 vdb
- https://www.ibm.com/support/pages/node/7142007 advisory
- https://www.ibm.com/support/pages/node/7138527 advisory
- https://www.ibm.com/support/pages/node/7138509 advisory
- https://www.ibm.com/support/pages/node/7140420 advisory
- https://www.ibm.com/support/pages/node/7138477 advisory
- https://www.ibm.com/support/pages/node/7142032 advisory
- https://www.ibm.com/support/pages/node/7138522 advisory
- https://www.ibm.com/support/pages/node/7137248 advisory
- https://www.ibm.com/support/pages/node/7137258 advisory
- https://www.ibm.com/support/pages/node/7138503 advisory
- https://www.ibm.com/support/pages/node/7142006 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-46179 advisory