Information disclosure in Ibm Endpoint_manager_family

CVE-2015-1915

The Endpoint Manager for Remote Control component in IBM Tivoli Endpoint Manager for Lifecycle Management 9.0.1 before IF6 and 9.1.0 before IF6 does not set the secure flag for the session cookie in an https session, which makes it easier…

Vulnerability class: Information Disclosure

EPSS: 0.003 (51.3th percentile) — read the EPSS interpretation.

Affected products

Ibm Endpoint_manager_family — versions 9.0.1, 9.1.0
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

74193 (vdb-entry, x_refsource_BID)
psirt@us.ibm.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
IV72069 (vendor-advisory, Patch, x_refsource_AIXAPAR, Vendor Advisory)