CVE-2015-7427
Severity CVSS v4.0:
Pending analysis
Type:
CWE-200
Information Leak / Disclosure
Publication date:
14/11/2015
Last modified:
12/04/2025
Description
IBM DataPower Gateway appliances with firmware 6.x before 6.0.0.17, 6.0.1.x before 6.0.1.17, 7.x before 7.0.0.10, 7.1.0.x before 7.1.0.7, and 7.2.x before 7.2.0.1 do not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:* | 6.0.0.16 (including) | |
| cpe:2.3:a:ibm:datapower_gateway:6.0.1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:datapower_gateway:6.0.1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:datapower_gateway:6.0.1.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:datapower_gateway:6.0.1.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:datapower_gateway:6.0.1.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:datapower_gateway:6.0.1.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:datapower_gateway:6.0.1.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:datapower_gateway:6.0.1.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:datapower_gateway:6.0.1.8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:datapower_gateway:6.0.1.9:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:datapower_gateway:6.0.1.10:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:datapower_gateway:6.0.1.11:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:datapower_gateway:6.0.1.12:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:datapower_gateway:6.0.1.13:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page