Issue: Cookie without Secure flag set

Description:

If the secure flag is not set, the cookie will be transmitted in clear text if the user visits any HTTP URLs within the cookie's scope. An attacker may induce this event by feeding suitable user links directly or via another website.

Remediation:

For ZIETrans applications, this issue can be mitigated by configuring the runtime server to set a secure flag.

Refer to below link and follow the below steps in the Websphere application server to configure the secure flag :

https://www.ibm.com/support/pages/setting-httponly-and-secure-flags-websphere-application-server-cookies