Vulnerable Cookie - missing, inconsistent or contradictory properties (without attribute SameSite)


Article ID: 275990


Products

CA Identity Suite

Issue/Introduction

Cookies with missing, inconsistent or contradictory properties (verified)

For each cookie listed below, at least one property is missing, or is invalid or incompatible with another property of the same cookie or with the environment in which the cookie is used.

Although this is not a vulnerability in itself, it will likely lead to unexpected application behavior, which in turn may cause secondary security issues.

Detail
List of cookies with missing, inconsistent or contradictory properties:

https://iptest.domain.com/sigma/app/index
Set-Cookie: JSESSIONID=m4F1xjU6VeditedtWhN-diqU09fko91mWBfATfp3l.I
Set-Cookie: JSESSIONID=d9HdmIKWeditedfJuvLa7IUbVxI5-YDIos_bgTzg6

- Cookie without SameSite attribute.
When cookies lack the SameSite attribute, web browsers can apply

Environment

vApp 14.5

Resolution

When a cookie is set without a SameSite attribute, Chromium-based browsers (Chrome 80 and later) treat it as SameSite=Lax: the cookie is sent on same-site requests and on top-level cross-site navigations that use safe methods (GET, HEAD), but not on cross-site subrequests or cross-site form POSTs (Chromium briefly allows top-level POSTs for up to two minutes after such a cookie is set). Firefox and Safari do not apply this default and still send a cookie without the attribute in cross-site contexts, which is why the scanner reports it: the behaviour of the application depends on the browser rather than on the cookie.


- Cookies that are intended for third-party or cross-site contexts must specify both SameSite=None and Secure; a cookie with SameSite=None but without Secure is rejected by Chromium-based browsers.

- IGA supports SAML, OpenID Connect and SiteMinder integrations, and is deployed both standalone and on the Virtual Appliance.

- The SAML, OpenID Connect and SiteMinder integration flows, and the communication between the IGA point products (IM, IG and IP) when they are deployed on different hosts, depend on cookies being delivered across sites. For this reason the SameSite attribute is not set on these cookies: no single value suits every integration and deployment scenario, so the attribute is left to the browser default described above.
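The following script is an added example, not code from this article or from CA Identity Suite. It reproduces the class of check behind the "missing, inconsistent or contradictory properties" finding in the Detail section above: it parses Set-Cookie headers, flags a missing SameSite attribute, SameSite=None without Secure, a Secure cookie set over plain http, a Domain that does not cover the request host, and a missing HttpOnly, and then models whether a browser would attach the cookie to a same-site or cross-site request under the Chromium Lax default and under the legacy (no default) behaviour described in the Resolution. The first sample header is the redacted JSESSIONID quoted above; the other two are constructed variants that exercise the SameSite=None rules, and the browser model covers the SameSite decision only.

```python
"""Set-Cookie checker: flags the attribute problems this article classes as
missing, inconsistent or contradictory, and models how a browser decides
whether to attach the cookie to a same-site or cross-site request."""
from urllib.parse import urlsplit

VALID_SAMESITE = {"strict", "lax", "none"}

# Constructed sample, not captured traffic: the first header is the (redacted)
# JSESSIONID quoted in the article; the other two are assumed variants that
# exercise the SameSite=None rules.
SAMPLE = [
    ("https://iptest.domain.com/sigma/app/index",
     "JSESSIONID=m4F1xjU6VeditedtWhN-diqU09fko91mWBfATfp3l.I"),
    ("https://iptest.domain.com/sigma/app/index",
     "JSESSIONID=example1; Path=/sigma; HttpOnly; SameSite=None"),
    ("https://iptest.domain.com/sigma/app/index",
     "JSESSIONID=example2; Path=/sigma; HttpOnly; Secure; SameSite=None"),
]


def parse_set_cookie(header):
    """Split a Set-Cookie header into (name, value, {attribute(lowercase): value})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def effective_samesite(attrs, browser="chromium"):
    """Mode the browser enforces. Chromium-based browsers (Chrome 80 and later)
    treat a missing or invalid attribute as Lax; other engines treat it as None."""
    declared = attrs.get("samesite", "").lower()
    if declared in VALID_SAMESITE:
        return declared
    return "lax" if browser == "chromium" else "none"


def check_cookie(url, header):
    """Findings for one Set-Cookie header received in a response to url."""
    name, _, attrs = parse_set_cookie(header)
    split = urlsplit(url)
    host = (split.hostname or "").lower()
    secure = "secure" in attrs
    samesite = attrs.get("samesite", "").lower()
    findings = []
    if "samesite" not in attrs:
        findings.append("missing SameSite: Chromium applies Lax, other browsers still send it cross-site")
    elif samesite not in VALID_SAMESITE:
        findings.append("invalid SameSite value %r" % attrs["samesite"])
    if samesite == "none" and not secure:
        findings.append("contradictory: SameSite=None requires Secure, browsers reject the cookie")
    if secure and split.scheme != "https":
        findings.append("contradictory: Secure cookie set over plain http is rejected")
    domain = attrs.get("domain", "").lstrip(".").lower()
    if domain and host != domain and not host.endswith("." + domain):
        findings.append("inconsistent: Domain=%s does not cover request host %s" % (attrs["domain"], host))
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: page script can read the session identifier")
    return name, findings


def would_send(attrs, same_site, top_level_navigation=False, method="GET",
               browser="chromium", https=True):
    """Would the browser attach the cookie to this request? SameSite rules only;
    Chromium's two-minute 'Lax+POST' grace period for unattributed cookies is ignored."""
    mode = effective_samesite(attrs, browser)
    if same_site:
        return True
    if mode == "strict":
        return False
    if mode == "lax":
        return top_level_navigation and method in ("GET", "HEAD")
    # SameSite=None: an explicit None without Secure is rejected when set;
    # an implicit None (legacy browser, attribute absent) follows only Secure.
    if attrs.get("samesite", "").lower() == "none" and "secure" not in attrs:
        return False
    return https or "secure" not in attrs


def report(responses=SAMPLE):
    """Map each cookie header to its findings, for the constructed sample by default."""
    return {header: check_cookie(url, header)[1] for url, header in responses}


if __name__ == "__main__":
    for header, findings in report().items():
        print(header)
        for f in findings or ["no findings"]:
            print("  -", f)
```

Run against the sample, the article's JSESSIONID header is reported for missing SameSite and HttpOnly, the SameSite=None header without Secure is reported as contradictory, and the SameSite=None; Secure variant is clean. The `would_send` model makes the deployment trade-off concrete: with no attribute, the same JSESSIONID rides along on a cross-site SAML or SiteMinder redirect in Chromium (top-level GET) but not on a cross-site form POST, while a legacy browser sends it in both cases.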