VDB

CVE-2023-46179

CVE-2023-46179 PUBLISHED CVSS 4.300000190734863 MEDIUM

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 269683.

EPSS 0.04% · 11.1th percentile

Risk Scores

CVSS 3.1
4.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
EPSS Score
0.04%
11.1th percentile

Affected Products

VendorProductVersions
IBMSecure Proxy6.0.3, 6.1.0
ibmsterling_secure_proxy6.0.3, 6.1.0

Timeline

  • Mar 15, 2024 CVE Published
  • Mar 16, 2024 EPSS Score
  • Apr 11, 2024 EPSS Score
  • May 7, 2024 EPSS Score
  • Jun 2, 2024 EPSS Score
  • Jun 28, 2024 EPSS Score
  • Jul 24, 2024 EPSS Score
  • Aug 19, 2024 EPSS Score
  • Sep 14, 2024 EPSS Score
  • Oct 10, 2024 EPSS Score
  • Nov 5, 2024 EPSS Score
  • Dec 2, 2024 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›