Lucene search
HistoryDec 19, 2012 - 11:55 a.m.
CVE-2012-4846
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
AI Score
5.8
Confidence
Low
EPSS
0.003
Percentile
69.1%
IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly flag in a Set-Cookie header for a web-application cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, aka SPRs JMAS7TRNLN and SRAO8U3Q68.
Affected configurations
Node
ibmlotus_notesMatch8.5.0.0
ORibmlotus_notesMatch8.5.0.1
ORibmlotus_notesMatch8.5.1
ORibmlotus_notesMatch8.5.1.0
ORibmlotus_notesMatch8.5.1.1
ORibmlotus_notesMatch8.5.1.2
ORibmlotus_notesMatch8.5.1.3
ORibmlotus_notesMatch8.5.1.4
ORibmlotus_notesMatch8.5.1.5
ORibmlotus_notesMatch8.5.2.0
ORibmlotus_notesMatch8.5.2.1
ORibmlotus_notesMatch8.5.2.2
ORibmlotus_notesMatch8.5.2.3
ORibmlotus_notesMatch8.5.3
ORibmlotus_notesMatch8.5.3.1
ORibmlotus_notesMatch8.5.3.2
Related
openvas
openvas
IBM Lotus Notes Web Application XSS Vulnerability (Linux)
2013-01-23 00:00:00
IBM Lotus Notes Web Application XSS Vulnerability (Mac OS X)
2013-01-23 00:00:00
IBM Lotus Notes Web Application XSS Vulnerability - Linux
2013-01-23 00:00:00
cve
cve
CVE-2012-4846
2012-12-19 11:55:54
cvelist
cvelist
CVE-2012-4846
2012-12-19 11:00:00
prion
prion
Design/Logic Flaw
2012-12-19 11:55:00
nessus
nessus
IBM Lotus Notes 8.5.1 / 8.5.2 / 8.5.3 < 8.5.3 FP3 Multiple Vulnerabilities
2012-12-17 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
AI Score
5.8
Confidence
Low
EPSS
0.003
Percentile
69.1%
Related for NVD:CVE-2012-4846