CVE-2012-1837

Published: Mar 22, 2012Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The (1) webreports, (2) post/create-role, and (3) post/update-role programs in IBM Tivoli Endpoint Manager (TEM) before 8.2 do not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

Affected (2)

Products: Ibm: Tivoli Endpoint Manager

1 product

Tivoli Endpoint Manager

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Ibm Tivoli Endpoint Manager	Up to 8.1
Ibm Tivoli Endpoint Manager	Version 8.0

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://secunia.com/advisories/48352

Source: cve@mitre.org

http://www-01.ibm.com/support/docview.wss?uid=swg21587743

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/74038

Source: cve@mitre.org

http://secunia.com/advisories/48352

Source: af854a3a-2127-422b-91ae-364da2661108

http://www-01.ibm.com/support/docview.wss?uid=swg21587743

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/74038

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.