CVE-2012-1837

2012-03-21T23:28:04
ID CVE-2012-1837
Type cve
Reporter NVD
Modified 2018-01-09T21:29:30

Description

The (1) webreports, (2) post/create-role, and (3) post/update-role programs in IBM Tivoli Endpoint Manager (TEM) before 8.2 do not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.