HTTPOnly Flag Absence in IBM Tivoli Endpoint Manager Web Programs
CVE-2012-1837

Currently unrated

Key Information:

Vendor

IBM

CVE Published:
22 March 2012

What is CVE-2012-1837?

The webreports, post/create-role, and post/update-role programs in IBM Tivoli Endpoint Manager before version 8.2 do not set the HTTPOnly flag in their Set-Cookie headers. Without the flag, script running in the browser can read these cookies, which allows remote attackers to obtain sensitive information they contain through script access. Cookies exposed this way can be compromised, leading to unauthorized access and data breaches.
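One way to check captured responses for this condition, as an added example (not IBM's code and not part of the original advisory): it parses each Set-Cookie header into its attributes and reports cookies that lack HttpOnly. The response paths are modelled on the program names above; the cookie names and values are constructed sample data.

```python
def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, set of lowercased attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Attributes follow the first name=value pair; their names are case-insensitive.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit(responses, required=("httponly",)):
    """Return (path, cookie, missing attributes) for every cookie lacking a required flag."""
    findings = []
    for path, headers in responses:
        # A response may carry several Set-Cookie headers; header names are case-insensitive.
        for header_name, header_value in headers:
            if header_name.lower() != "set-cookie":
                continue
            cookie, attrs = parse_set_cookie(header_value)
            missing = [a for a in required if a not in attrs]
            if missing:
                findings.append((path, cookie, missing))
    return findings


# Constructed sample responses (hypothetical cookie names and values).
SAMPLE = [
    ("/webreports", [("Content-Type", "text/html"),
                     ("Set-Cookie", "sid=abc123; Path=/")]),
    # Flag present in a different letter case: must not be reported.
    ("/post/create-role", [("set-cookie", "sid=abc123; Path=/; HTTPONLY; Secure")]),
    # "HttpOnly" appears only as the cookie *value*, so a plain substring
    # search would wrongly pass it; attribute parsing reports it.
    ("/post/update-role", [("Set-Cookie", "note=HttpOnly; Path=/"),
                           ("Set-Cookie", "sid=abc123; httponly")]),
]

if __name__ == "__main__":
    for path, cookie, missing in audit(SAMPLE):
        print(f"{path}: cookie '{cookie}' missing {', '.join(missing)}")
```

Passing `required=("httponly", "secure")` extends the same check to the Secure attribute.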

