Description
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 149703.
Remediation
References
Related Vulnerabilities
WordPress Plugin Weaver Show Posts Cross-Site Scripting (1.6)
Roundcube Files or Directories Accessible to External Parties Vulnerability (CVE-2017-16651)
WordPress Plugin User Profile Picture Information Disclosure (2.4.0)
WordPress Plugin Simple Download Monitor Multiple Cross-Site Request Forgery Vulnerabilities (3.9.8)