CVE-2026-4820

Published: Apr 01, 2026 Last Modified: Apr 01, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 4,3

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: required

Scope: unchanged

Confidentiality: low

Integrity: none

Availability: none

Description

AI Translation Available

IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.

614

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

Draft

Abstraction: Variant Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality

Potential Impacts:

Read Application Data

Applicable Platforms

Technologies: Web Based

View CWE Details

https://www.ibm.com/support/pages/node/7268028

CVE-2026-4820

Description

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

Common Consequences

Applicable Platforms

Iscriviti alla newsletter