CVE-2015-1915 — Sensitive Information Exposure in IBM Endpoint Manager Family

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 48.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Endpoint Manager Family

Timeline

PublishedMay 25

Latest updateMay 17

Description

The Endpoint Manager for Remote Control component in IBM Tivoli Endpoint Manager for Lifecycle Management 9.0.1 before IF6 and 9.1.0 before IF6 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/endpoint_manager_family9.0.1, 9.1.0+1

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-34hj-48ww-g9qc: The Endpoint Manager for Remote Control component in IBM Tivoli Endpoint Manager for Lifecycle Management 9↗2022-05-17

▶

CVEList

CVE-2015-1915: The Endpoint Manager for Remote Control component in IBM Tivoli Endpoint Manager for Lifecycle Management 9↗2015-05-25

▶