Lucene search

[email protected]CVE-2015-1915

HistoryMay 25, 2015 - 12:59 a.m.

CVE-2015-1915

2015-05-2500:59:00

CWE-200

[email protected]

web.nvd.nist.gov

ibm

tivoli

endpoint manager

lifecycle management

security

vulnerability

cve-2015-1915

6.6 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

68.9%

JSON

The Endpoint Manager for Remote Control component in IBM Tivoli Endpoint Manager for Lifecycle Management 9.0.1 before IF6 and 9.1.0 before IF6 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

CPENameOperatorVersion
ibm:endpoint_manager_familyibm endpoint manager familyeq9.1.0
ibm:endpoint_manager_familyibm endpoint manager familyeq9.0.1

CPE	Name	Operator	Version
ibm:endpoint_manager_family	ibm endpoint manager family	eq	9.1.0
ibm:endpoint_manager_family	ibm endpoint manager family	eq	9.0.1

References

www-01.ibm.com/support/docview.wss?uid=swg1IV72069

www-01.ibm.com/support/docview.wss?uid=swg21882571

www.securityfocus.com/bid/74193

6.6 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

68.9%

JSON

Related for CVE-2015-1915

prion1 cvelist1 openvas1