The (1) webreports, (2) post/create-role, and (3) post/update-role programs in IBM Tivoli Endpoint Manager (TEM) before 8.2 do not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2012-03-22T01:00:00
Updated: 2024-08-06T19:08:38.481Z
Reserved: 2012-03-21T00:00:00
Link: CVE-2012-1837
Vulnrichment
No data.
NVD
Status : Modified
Published: 2012-03-22T03:28:04.517
Modified: 2018-01-10T02:29:30.083
Link: CVE-2012-1837
Redhat
No data.