Cybersecurity team has flagged the below vulnerability in connection with SiteMinder Admin Console.
It appears that the session cookies are not being marked as secure, even though it was over https.
Name: Session Cookie Not Marked as Secure
Identified Cookie(s) :
Cookie Source :
Release : 12.8.05
Component : SITEMINDER WAM UI
This is out of box design with current 12.8 admin ui.
Expected result should be something like:
Set-Cookie: JSESSIONID=882D48C8842EA82E3F3AFACC4425A695; Path=/iam/siteminder; Secure; HttpOnly