Lucene search

[email protected]NVD:CVE-2015-1915

HistoryMay 25, 2015 - 12:59 a.m.

CVE-2015-1915

2015-05-2500:59:10

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.3

Confidence

High

EPSS

0.003

Percentile

69.1%

JSON

The Endpoint Manager for Remote Control component in IBM Tivoli Endpoint Manager for Lifecycle Management 9.0.1 before IF6 and 9.1.0 before IF6 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

Affected configurations

Nvd

Node

ibmendpoint_manager_familyMatch9.0.1

ibmendpoint_manager_familyMatch9.1.0

VendorProductVersionCPE
ibmendpoint_manager_family9.0.1cpe:2.3:a:ibm:endpoint_manager_family:9.0.1:*:*:*:*:*:*:*
ibmendpoint_manager_family9.1.0cpe:2.3:a:ibm:endpoint_manager_family:9.1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	endpoint_manager_family	9.0.1	cpe:2.3:a:ibm:endpoint_manager_family:9.0.1:::::::*
ibm	endpoint_manager_family	9.1.0	cpe:2.3:a:ibm:endpoint_manager_family:9.1.0:::::::*

References

www-01.ibm.com/support/docview.wss?uid=swg1IV72069

www-01.ibm.com/support/docview.wss?uid=swg21882571

www.securityfocus.com/bid/74193

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.3

Confidence

High

EPSS

0.003

Percentile

69.1%

JSON

Related for NVD:CVE-2015-1915

cvelist1 prion1 cve1 openvas1