Session Cookie Vulnerability in IBM Tivoli Endpoint Manager for Lifecycle Management
CVE-2015-1915

Currently unrated

Key Information:

Vendor: IBM
CVE Published: 25 May 2015

Summary

A vulnerability exists in the Endpoint Manager for Remote Control component of IBM Tivoli Endpoint Manager for Lifecycle Management. The secure flag is not set for the session cookie in HTTPS sessions for affected versions, making it possible for remote attackers to capture the session cookie by intercepting its transmission over insecure HTTP connections. This flaw can potentially allow unauthorized access to user sessions.
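
A defender's check for the condition described above, as an added example rather than IBM's or this page's own code: it parses `Set-Cookie` values from an HTTPS response, reports cookies that lack the Secure attribute, and shows the corrected header. The cookie names, header values and the session-name heuristic are constructed assumptions.

```python
# Added example (not product code): flag cookies an HTTPS response sets without Secure.
SESSION_HINTS = ("session", "sid", "auth")  # assumption: name heuristic for session cookies

# Constructed Set-Cookie values, as they might appear in an HTTPS response.
SAMPLE_HEADERS = [
    "JSESSIONID=abc123; Path=/; HttpOnly",
    "SESSIONID=xyz789; Path=/; secure; HttpOnly",
    "pref=secure; Path=/; Expires=Wed, 21 Oct 2015 07:28:00 GMT",
]


def parse_set_cookie(value):
    """Return (cookie_name, {lowercased attribute name: attribute value})."""
    first, *rest = [p.strip() for p in value.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def missing_secure(headers):
    """List cookies lacking the Secure attribute; session-like names sort first."""
    findings = []
    for raw in headers:
        name, attrs = parse_set_cookie(raw)
        # Attribute names are case-insensitive; a cookie *value* of "secure" does not count.
        if name and "secure" not in attrs:
            session_like = any(h in name.lower() for h in SESSION_HINTS)
            findings.append((name, session_like))
    return sorted(findings, key=lambda f: not f[1])


def with_secure(value):
    """Return the header value with Secure appended if it is absent."""
    _, attrs = parse_set_cookie(value)
    return value if "secure" in attrs else value.rstrip("; ") + "; Secure"


if __name__ == "__main__":
    for name, session_like in missing_secure(SAMPLE_HEADERS):
        print(f"{name}: no Secure attribute (session-like: {session_like})")
```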

Timeline

  • Vulnerability published

  • Vulnerability Reserved
