Description

IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x before 4.0.7, and 5.x before 5.0.1; and other Rational products, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

Remediation

References

CVE-2014-3092

Related Vulnerabilities

SharePoint CVE-2024-49064 Vulnerability (CVE-2024-49064)

WordPress 4.8.x Arbitrary File Deletion Vulnerability (4.8 - 4.8.6)

WordPress Plugin Amelia-Events & Appointments Booking Calendar Cross-Site Scripting (1.0.46)

WordPress Plugin 3D Slider Slice Box Multiple Cross-Site Scripting Vulnerabilities (1.0)

Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2015-7297)

Severity

Medium

Classification

CVE-2014-3092 CWE-200

Tags

Missing Update Known Vulnerabilities