Cookie Security Flaw in IBM Tivoli Endpoint Manager
CVE-2012-0718
5.4 MEDIUM
Summary
IBM Tivoli Endpoint Manager 8 does not set the HttpOnly flag on its cookies. Without the HttpOnly attribute, cookies can be read by scripts running in the page, so an attacker can potentially access sensitive session information through a cross-site scripting (XSS) attack. This increases the risk of session hijacking and unauthorized access to user data.
Affected Version(s)
Tivoli Endpoint Manager 8
CVSS V3.1
Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved