CVE-2015-1915

Published: May 25, 2015Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

The Endpoint Manager for Remote Control component in IBM Tivoli Endpoint Manager for Lifecycle Management 9.0.1 before IF6 and 9.1.0 before IF6 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

Affected (2)

Products: Ibm: Endpoint Manager Family

1 product

Endpoint Manager Family

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Ibm Endpoint Manager Family	Version 9.0.1
Ibm Endpoint Manager Family	Version 9.1.0

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://www-01.ibm.com/support/docview.wss?uid=swg1IV72069

Source: psirt@us.ibm.com

PatchVendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21882571

Source: psirt@us.ibm.com

PatchVendor Advisory

http://www.securityfocus.com/bid/74193

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg1IV72069

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21882571

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/74193

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.