{"api_version":"1","generated_at":"2026-05-02T20:59:40+00:00","cve":"CVE-2019-4330","urls":{"html":"https://cve.report/CVE-2019-4330","api":"https://cve.report/api/cve/CVE-2019-4330.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-4330","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-4330"},"summary":{"title":"CVE-2019-4330","description":"IBM Security Guardium Big Data Intelligence (SonarG) 4.0 does not set the secure attribute for cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session. IBM X-Force ID: 161210.","state":"PUBLIC","assigner":"psirt@us.ibm.com","published_at":"2019-10-29 00:15:00","updated_at":"2022-12-13 02:04:00"},"problem_types":["CWE-565"],"metrics":[],"references":[{"url":"https://www.ibm.com/support/pages/node/1096384","name":"https://www.ibm.com/support/pages/node/1096384","refsource":"CONFIRM","tags":["Patch","Vendor Advisory"],"title":"Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by a Missing Cookie Secure Attribute vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/161210","name":"ibm-guardium-cve20194330-info-disc (161210)","refsource":"XF","tags":["VDB Entry","Vendor Advisory"],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-4330","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-4330","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"4330","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"security_guardium_big_data_intelligence","cpe6":"4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"4330","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"security_guardium_big_data_intelligence","cpe6":"4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"affects":{"vendor":{"vendor_data":[{"vendor_name":"IBM","product":{"product_data":[{"version":{"version_data":[{"version_value":"4"}]},"product_name":"Security Guardium Big Data Intelligence"}]}}]}},"data_format":"MITRE","data_version":"4.0","problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Obtain Information"}]}]},"CVE_data_meta":{"ASSIGNER":"psirt@us.ibm.com","DATE_PUBLIC":"2019-10-22T00:00:00","ID":"CVE-2019-4330","STATE":"PUBLIC"},"data_type":"CVE","description":{"description_data":[{"lang":"eng","value":"IBM Security Guardium Big Data Intelligence (SonarG) 4.0 does not set the secure attribute for cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session. IBM X-Force ID: 161210."}]},"references":{"reference_data":[{"name":"https://www.ibm.com/support/pages/node/1096384","title":"IBM Security Bulletin 1096384 (Security Guardium Big Data Intelligence)","refsource":"CONFIRM","url":"https://www.ibm.com/support/pages/node/1096384"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/161210","title":"X-Force Vulnerability Report","refsource":"XF","name":"ibm-guardium-cve20194330-info-disc (161210)"}]},"impact":{"cvssv3":{"TM":{"RL":"O","RC":"C","E":"U"},"BM":{"SCORE":"3.100","PR":"N","I":"N","AC":"H","S":"U","A":"N","AV":"N","C":"L","UI":"R"}}}},"nvd":{"publishedDate":"2019-10-29 00:15:00","lastModifiedDate":"2022-12-13 02:04:00","problem_types":["CWE-565"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:security_guardium_big_data_intelligence:4.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"4330","Ordinal":"141941","Title":"CVE-2019-4330","CVE":"CVE-2019-4330","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"4330","Ordinal":"1","NoteData":"IBM Security Guardium Big Data Intelligence (SonarG) 4.0 does not set the secure attribute for cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session. IBM X-Force ID: 161210.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"4330","Ordinal":"2","NoteData":"2019-10-28","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"4330","Ordinal":"3","NoteData":"2019-10-28","Type":"Other","Title":"Modified"}]}}}