IBM Security Bulletin: Missing Secure Attribute in Encrypted Session (SSL) Cookie affects IBM Endpoint Manager for Remote Control
|
System information
|
|
|
Affected software |
IBM |
Description
|
An encrypted IBM Endpoint Manager for Remote Control session (SSL) is using a cookie without the secure attribute. This could allow a remote attacker to obtain sensitive information. CVE(s): CVE-2015-1915 Affected product(s) and affected version(s): IBM Endpoint Manager for Remote Control versions 9.1.0 and 9.0.1 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21882571
More info:
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_missing_secure_attribute_in_encrypted_session_ssl_cookie_affects_ibm_endpoint_manager_for_remote_control?lang=en_us |
Standar resources
|
Property |
Value |
CVE |
CVE-2015-1915 ,CVE-2014-0227 ,CVE-2015-0138 ,CVE-2014-6593 ,CVE-2015-0400 ,CVE-2015-0410 and CVE-2014-3566. |