Session Cookie Vulnerability in IBM Tivoli Endpoint Manager for Lifecycle Management
CVE-2015-1915

Currently unrated

Key Information:

Vendor

IBM
Status
Endpoint Manager Family
Vendor
CVE Published:
25 May 2015

What is CVE-2015-1915?

A vulnerability exists in the Endpoint Manager for Remote Control component of IBM Tivoli Endpoint Manager for Lifecycle Management. The secure flag is not set for the session cookie in HTTPS sessions for affected versions, making it possible for remote attackers to capture the session cookie by intercepting its transmission over insecure HTTP connections. This flaw can potentially allow unauthorized access to user sessions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/bid/74193
vdb-entryx_refsource_BID
http://www-01.ibm.com/support/docview.wss?uid=swg21882571
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg1IV72069
vendor-advisoryx_refsource_AIXAPAR

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.