Session Cookie Vulnerability in McAfee Enterprise Mobility Manager
CVE-2012-4592

Currently unrated

Key Information:

Vendor: Mcafee
Status: Enterprise Mobility Manager
Vendor: CVE Published:; 22 August 2012

Summary

The Portal in McAfee Enterprise Mobility Manager (EMM) prior to version 10.0 fails to set the secure flag for the ASP.NET session cookie during https sessions. This oversight allows remote attackers to exploit the vulnerability and potentially intercept the session cookie by monitoring its transmission over unsecure http sessions, thereby compromising session integrity and exposing sensitive user information.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/78220

vdb-entryx_refsource_XF

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

Timeline

Vulnerability published
Aug 22, 2012
Vulnerability Reserved
Aug 22, 2012