CVE-2012-4846

Severity
4.3 MEDIUM
EPSS
0.2%
top 53.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Dec 19
Latest update: May 17

Description

IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly flag in a Set-Cookie header for a web-application cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, aka SPRs JMAS7TRNLN and SRAO8U3Q68.

CVSS vector

AV:N/AC:M/C:P/I:N/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages: 1 package

NVD: ibm/lotus_notes, 16 versions (+15)

Patches

Vulnerability Details

2
GHSA
GHSA-g39h-q25h-8r2q: IBM Lotus Notes 8 (2022-05-17)
CVEList
CVE-2012-4846: IBM Lotus Notes 8 (2012-12-19)