Description
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 149703.
Remediation
References
Related Vulnerabilities
WordPress 4.8.x Prototype Pollution (4.8 - 4.8.18)
WordPress Plugin Clean Login Unspecified Vulnerability (1.8)
WordPress Plugin Integration for Contact Form 7 and ActiveCampaign Cross-Site Scripting (1.0.3)
WordPress Plugin Simple Instagram Feed Cross-Site Scripting (1.3)
IBM WebSEAL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1886)