Vulnerability Details: CVE-2019-4330
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 does not set the secure attribute for cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session. IBM X-Force ID: 161210.
Products affected by CVE-2019-4330
- cpe:2.3:a:ibm:security_guardium_big_data_intelligence:4.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-4330
- 0.08%: Probability of exploitation activity in the next 30 days
- ~36%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-4330
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N | 8.6 | 2.9 | NIST | |
3.1 | LOW | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N | 1.6 | 1.4 | IBM Corporation | |
4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N | 2.8 | 1.4 | NIST | |
CWE ids for CVE-2019-4330
- The product relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user. Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-4330
- https://exchange.xforce.ibmcloud.com/vulnerabilities/161210
  IBM Security Guardium Big Data Intelligence information disclosure CVE-2019-4330 Vulnerability Report (VDB Entry; Vendor Advisory)
- https://www.ibm.com/support/pages/node/1096384
  Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by a Missing Cookie Secure Attribute vulnerability (Patch; Vendor Advisory)