Lucene search
IbmCVE-2015-1915HistoryMay 25, 2015 - 12:59 a.m.
CVE-2015-1915
2015-05-2500:59:10
CWE-200
ibm
web.nvd.nist.gov
23
ibm
tivoli
endpoint manager
lifecycle management
security
vulnerability
cve-2015-1915
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
AI Score
6.5
Confidence
Low
EPSS
0.003
Percentile
69.1%
The Endpoint Manager for Remote Control component in IBM Tivoli Endpoint Manager for Lifecycle Management 9.0.1 before IF6 and 9.1.0 before IF6 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
Affected configurations
Node
ibmendpoint_manager_familyMatch9.0.1
ORibmendpoint_manager_familyMatch9.1.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | endpoint_manager_family | 9.0.1 | cpe:2.3:a:ibm:endpoint_manager_family:9.0.1:*:*:*:*:*:*:* |
| ibm | endpoint_manager_family | 9.1.0 | cpe:2.3:a:ibm:endpoint_manager_family:9.1.0:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2015-1915
2015-05-25 00:00:00
prion
prion
Memory corruption
2015-05-25 00:59:00
openvas
openvas
IBM BigFix Remote Control 9.0.1, 9.1.0 Multiple Vulnerabilities
2016-12-07 00:00:00
nvd
nvd
CVE-2015-1915
2015-05-25 00:59:10
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
AI Score
6.5
Confidence
Low
EPSS
0.003
Percentile
69.1%
Related for CVE-2015-1915