Description

IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x before 4.0.7, and 5.x before 5.0.1; and other Rational products, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

Remediation

References

CVE-2014-3092

Related Vulnerabilities

MySQL CVE-2018-2640 Vulnerability (CVE-2018-2640)

WordPress Plugin Discount Rules for WooCommerce Multiple Vulnerabilities (2.0.2)

WordPress Plugin Wufoo Shortcode Cross-Site Scripting (1.51)

TYPO3 Deserialization of Untrusted Data Vulnerability (CVE-2019-12747)

Apache HTTP Server Improper Access Control Vulnerability (CVE-2016-4979)

Severity

Medium

Classification

CVE-2014-3092 CWE-200

Tags

Missing Update Known Vulnerabilities