Information disclosure in IBM Lotus Notes
CVE-2012-4846
IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly flag in a Set-Cookie header for a web-application cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this…
Vulnerability class: Information Disclosure
EPSS: 0.002 (46.4th percentile)
Affected products
- IBM Lotus Notes — versions 8.5.0.0, 8.5.0.1, 8.5.1
Weakness classification (CWE)
References
- lotus-notes-httponly-info-disc(79535) (vdb-entry, x_refsource_XF)
- psirt@us.ibm.com (x_refsource_CONFIRM, Patch)
- psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)