CVE-2012-4592

Name of the Vulnerable Software and Affected Versions McAfee Enterprise Mobility Manager (EMM) versions prior to 10.0

Description The issue concerns the Portal in McAfee Enterprise Mobility Manager (EMM) where the secure flag for the ASP.NET session cookie is not set in an https session. This makes it easier for remote attackers to capture the cookie by intercepting its transmission within an http session.

Recommendations For versions prior to 10.0, update to version 10.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Portal to minimize the risk of exploitation.