445
VMScore

CVE-2015-7427

Published: 14/11/2015 Updated: 16/11/2015
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

IBM DataPower Gateway appliances with firmware 6.x prior to 6.0.0.17, 6.0.1.x prior to 6.0.1.17, 7.x prior to 7.0.0.10, 7.1.0.x prior to 7.1.0.7, and 7.2.x prior to 7.2.0.1 do not set the secure flag for unspecified cookies in an https session, which makes it easier for remote malicious users to capture these cookies by intercepting their transmission within an http session.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

ibm datapower gateway 6.0.1.12

ibm datapower gateway 6.0.1.13

ibm datapower gateway 6.0.1.14

ibm datapower gateway 6.0.1.15

ibm datapower gateway 7.1.0.2

ibm datapower gateway 7.1.0.3

ibm datapower gateway 7.1.0.4

ibm datapower gateway 7.1.0.5

ibm datapower gateway

ibm datapower gateway 6.0.1.1

ibm datapower gateway 6.0.1.3

ibm datapower gateway 6.0.1.8

ibm datapower gateway 6.0.1.10

ibm datapower gateway 7.0.0.0

ibm datapower gateway 7.0.0.2

ibm datapower gateway 7.0.0.7

ibm datapower gateway 7.0.0.9

ibm datapower gateway 7.1.0.1

ibm datapower gateway 7.1.0.6

ibm datapower gateway 6.0.1.4

ibm datapower gateway 6.0.1.5

ibm datapower gateway 6.0.1.6

ibm datapower gateway 6.0.1.7

ibm datapower gateway 7.0.0.3

ibm datapower gateway 7.0.0.4

ibm datapower gateway 7.0.0.5

ibm datapower gateway 7.0.0.6

ibm datapower gateway 6.0.1.0

ibm datapower gateway 6.0.1.2

ibm datapower gateway 6.0.1.9

ibm datapower gateway 6.0.1.11

ibm datapower gateway 6.0.1.16

ibm datapower gateway 7.0.0.1

ibm datapower gateway 7.0.0.8

ibm datapower gateway 7.1.0.0

ibm datapower gateway 7.2.0.0