Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
IBM Publishing Engine 6.0.6, 6.0.6.1, and 7.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 177354.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
IBM Publishing Engine 安全漏洞
Vulnerability Description
IBM Publishing Engine是美国国际商业机器公司(IBM)的一套文档自动生成解决方案。该方案能够生成Rational产品文档,同时支持选择其它供应商的应用程序生成文档。 IBM Publishing Engine 6.0.6版本、6.0.6.1版本和7.0版本中的会话cookie存在安全漏洞,该漏洞源于程序没有对授权令牌或会话cookie设置secure属性。攻击者可通过向用户发送http://链接或向用户访问的网站注入该链接利用该漏洞获取cookie值。
CVSS Information
N/A
Vulnerability Type
N/A