Description
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 149703.
Remediation
References
Related Vulnerabilities
WordPress Plugin Contact Bank-Contact Form Builder for WordPress Cross-Site Scripting (2.0.226)
IBM WebSEAL Improper Restriction of XML External Entity Reference Vulnerability (CVE-2019-4707)
Moodle Improper Privilege Management Vulnerability (CVE-2019-3849)
MySQL CVE-2019-2631 Vulnerability (CVE-2019-2631)
WordPress Plugin Contact Form 7 Multi-Step Forms Security Bypass (3.0.8)