CVE-2012-1837

CWE-200 — Information Exposure3 documents3 sources

Severity

5.0MEDIUM

EPSS

0.2%

top 53.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Tivoli Endpoint Manager

Timeline

PublishedMar 22

Latest updateMay 14

Description

The (1) webreports, (2) post/create-role, and (3) post/update-role programs in IBM Tivoli Endpoint Manager (TEM) before 8.2 do not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/tivoli_endpoint_manager8.1+1

🔴Vulnerability Details

GHSA

GHSA-78xm-mxj5-599h: The (1) webreports, (2) post/create-role, and (3) post/update-role programs in IBM Tivoli Endpoint Manager (TEM) before 8↗2022-05-14

▶

CVEList

CVE-2012-1837: The (1) webreports, (2) post/create-role, and (3) post/update-role programs in IBM Tivoli Endpoint Manager (TEM) before 8↗2012-03-22

▶