IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 does not set the secure attribute on authorization tokens or session cookies. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.
Session Fixation
IBM
Information Disclosure
Security Access Manager
NVD
CVSS 3.0
3.7
EPSS
0.9%