CVE-2023-46179

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Mar 15, 2024

Updated: Mar 19, 2024

CWE ID 614

Summary

CVE-2023-46179: IBM Sterling Secure Proxy versions 6.0.3 and 6.1.0 fail to set the secure attribute on authorization tokens and session cookies. This vulnerability allows attackers to intercept and obtain cookie values by sending users malicious HTTP links or embedding such links on visited websites. The cookies will be transmitted in plaintext to the insecure links, enabling unauthorized access to protected resources. (IBM X-Force ID: 269683)

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

IBM Sterling Secure Proxy

Affected Vendors

IBM Corporation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tDE9Nx
https://www.cve.org/CVERecord?id=CVE-2023-46179
https://nvd.nist.gov/vuln/detail/CVE-2023-46179

Back to Vulnerability Database