IBM SmartCloud Analytics 1.3.1 through 1.3.5 does not set the secure attribute on authorization tokens or session cookies. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
IBM
Information Disclosure
Smartcloud Analytics Log Analysis
NVD
CVSS 3.1
3.7
EPSS
0.5%