IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set the secure attribute on authorization tokens or session cookies. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.
IBM
Information Disclosure
Cognos Controller
NVD
CVSS 3.1
3.7
EPSS
0.6%
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console is vulnerable to a Client-side HTTP parameter pollution vulnerability. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity.
IBM
Information Disclosure
Websphere Application Server
NVD
CVSS 3.1
3.5
EPSS
0.8%