CVE-2019-4330
Description
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 does not set the secure attribute for cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session. IBM X-Force ID: 161210.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 fails to set the Secure flag on cookies in HTTPS sessions, risking plaintext cookie transmission over HTTP.
Vulnerability
IBM Security Guardium Big Data Intelligence (SonarG) version 4.0 issues cookies during HTTPS sessions without the Secure attribute. The Secure attribute tells the user agent to attach a cookie only to requests sent over an encrypted connection; without it, the browser will also attach the cookie to any plaintext HTTP request to the same host. The vulnerability affects all deployments of SonarG 4.0 [1].
Exploitation
An attacker needs to be positioned to observe or intercept the victim's network traffic, for example as a man-in-the-middle on a shared or untrusted network. The cookie is only exposed if the victim's browser issues a plaintext HTTP request to the SonarG host while holding the cookie; a user who only ever reaches the application over HTTPS does not leak it merely by being on a hostile network. No authentication or privileges on SonarG are required, but user interaction is needed to trigger the plaintext request, such as following an http:// link to the application instead of an https:// one [1].
Impact
If successful, the attacker captures the session cookie in plaintext and can replay it to take over the authenticated user's session, impersonating that user within the application. This is scored as a partial loss of confidentiality. The CVSS 3.0 base score is 3.1 (Low): confidentiality impact only, no integrity or availability impact, high attack complexity, and user interaction required [1].
Mitigation
The cited references do not name a fixed version, and the Security Bulletin lists no workarounds or mitigations [1]. Administrators should monitor IBM's support page for a patch. As general hardening, make the application reachable only over HTTPS (redirect or refuse plaintext connections) and send a Strict-Transport-Security (HSTS) header so that browsers refuse to issue plaintext requests to the host at all; HSTS removes the plaintext request a non-Secure cookie would otherwise ride on, but it is a defence in depth, not a substitute for setting the Secure attribute.
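The following is an added example, not code from this advisory or from IBM's SonarG product. It ties together the three technical points above: it parses Set-Cookie headers and reports cookies that lack the Secure attribute (the flaw in the Vulnerability section), models the RFC 6265 browser rule that decides whether such a cookie is attached to a plaintext request (the Exploitation section), and re-emits the hardened header together with the HSTS header suggested under Mitigation. The header values, the cookie name JSESSIONID and the host sonarg.example.com are constructed sample input, not taken from the advisory.

```python
"""Audit Set-Cookie headers for the missing Secure attribute and show the fix.

Added example; not code from the CVE-2019-4330 advisory or from IBM's SonarG.
The Set-Cookie lines, the cookie name JSESSIONID and the host
sonarg.example.com are constructed sample input (assumptions, not from IBM).
"""
from __future__ import annotations

from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Canonical spelling for attributes we re-emit (lookup is case-insensitive).
CANONICAL = {"path": "Path", "domain": "Domain", "expires": "Expires",
             "max-age": "Max-Age", "secure": "Secure", "httponly": "HttpOnly",
             "samesite": "SameSite"}

# Constructed sample: what a non-hardened HTTPS response might send (assumption).
SAMPLE_HOST = "sonarg.example.com"
VULNERABLE_SET_COOKIE = "JSESSIONID=abc123; Path=/"


@dataclass
class Cookie:
    name: str
    value: str
    attributes: dict[str, str] = field(default_factory=dict)  # lower-cased keys

    @property
    def secure(self) -> bool:
        return "secure" in self.attributes

    @property
    def httponly(self) -> bool:
        return "httponly" in self.attributes


def parse_set_cookie(header: str) -> Cookie:
    """Parse one Set-Cookie value ("name=value; Attr; Attr=val") per RFC 6265 5.2."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: dict[str, str] = {}
    for attr in parts[1:]:
        if attr:
            key, _, val = attr.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return Cookie(name.strip(), value.strip(), attrs)


def serialize(cookie: Cookie) -> str:
    """Inverse of parse_set_cookie, using canonical attribute spelling."""
    out = [f"{cookie.name}={cookie.value}"]
    for key, val in cookie.attributes.items():
        label = CANONICAL.get(key, key)
        out.append(f"{label}={val}" if val else label)
    return "; ".join(out)


def audit(set_cookie_headers: list[str]) -> list[str]:
    """One finding per cookie lacking Secure (CWE-614) or HttpOnly."""
    findings = []
    for header in set_cookie_headers:
        cookie = parse_set_cookie(header)
        if not cookie.secure:
            findings.append(f"{cookie.name}: missing Secure; browser will send it over plaintext HTTP")
        if not cookie.httponly:
            findings.append(f"{cookie.name}: missing HttpOnly; readable by page scripts")
    return findings


def browser_would_send(cookie: Cookie, cookie_host: str, request_url: str) -> bool:
    """RFC 6265 5.4 step 1: a Secure cookie is attached only to requests over a
    secure scheme. Host matching is simplified to an exact host (no Domain
    attribute handling), which is enough to show the Secure-flag rule."""
    url = urlsplit(request_url)
    if url.hostname != cookie_host:
        return False
    if url.scheme == "https":
        return True
    return url.scheme == "http" and not cookie.secure


def harden(header: str) -> str:
    """Re-emit a Set-Cookie header with Secure and HttpOnly added when absent."""
    cookie = parse_set_cookie(header)
    cookie.attributes.setdefault("secure", "")
    cookie.attributes.setdefault("httponly", "")
    return serialize(cookie)


def hsts_header(max_age: int = 31536000, include_subdomains: bool = True) -> str:
    """Strict-Transport-Security value telling browsers never to use plain HTTP
    for this host again, removing the plaintext request a non-Secure cookie rides on."""
    value = f"max-age={max_age}"
    return value + ("; includeSubDomains" if include_subdomains else "")


if __name__ == "__main__":
    for finding in audit([VULNERABLE_SET_COOKIE]):
        print("FINDING:", finding)
    weak = parse_set_cookie(VULNERABLE_SET_COOKIE)
    fixed = parse_set_cookie(harden(VULNERABLE_SET_COOKIE))
    plain = f"http://{SAMPLE_HOST}/"
    print("vulnerable cookie sent on", plain, "->", browser_would_send(weak, SAMPLE_HOST, plain))
    print("hardened cookie sent on", plain, "->", browser_would_send(fixed, SAMPLE_HOST, plain))
    print("Set-Cookie:", harden(VULNERABLE_SET_COOKIE))
    print("Strict-Transport-Security:", hsts_header())
```

Run it against the Set-Cookie lines captured from a real HTTPS response (for example from a proxy or browser devtools) to confirm the finding; `browser_would_send` shows why the finding matters: the same cookie that is harmless on https:// is attached to a plaintext http:// request until the Secure attribute is present.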
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- IBM Security Guardium Big Data Intelligence: version = 4.0
- IBM / Security Guardium Big Data Intelligence (v5 record): version 4
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- exchange.xforce.ibmcloud.com/vulnerabilities/161210 (mitre, vdb-entry, x_refsource_XF)
- www.ibm.com/support/pages/node/1096384 (mitre, x_refsource_CONFIRM)
News mentions
No linked articles in our index yet.