PT-2015-5504 · Ibm · Ibm Tivoli Endpoint Manager For Lifecycle Management
Published
2015-05-25
·
Updated
2016-11-30
·
CVE-2015-1915
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Tivoli Endpoint Manager for Lifecycle Management versions 9.0.1 before IF6
IBM Tivoli Endpoint Manager for Lifecycle Management versions 9.1.0 before IF6
Description
The issue concerns the Endpoint Manager for Remote Control component, which fails to set the secure flag for the session cookie in an https session. This oversight makes it easier for remote attackers to capture the cookie by intercepting its transmission within an http session.
Recommendations
For IBM Tivoli Endpoint Manager for Lifecycle Management version 9.0.1 before IF6, apply IF6 to set the secure flag for the session cookie.
For IBM Tivoli Endpoint Manager for Lifecycle Management version 9.1.0 before IF6, apply IF6 to set the secure flag for the session cookie.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Tivoli Endpoint Manager For Lifecycle Management