CVE-2012-4846

2012-12-19T06:55:54
ID CVE-2012-4846
Type cve
Reporter NVD
Modified 2017-08-28T21:32:23

Description

IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly flag in a Set-Cookie header for a web-application cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, aka SPRs JMAS7TRNLN and SRAO8U3Q68.