CVE-2012-4592

The Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 does not set the secure flag for the ASP.NET session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
VendorProductVersion
mcafeeenterprise_mobility_manager
𝑥
≤ 9.6
mcafeeenterprise_mobility_manager
4.7
𝑥
= Vulnerable software versions
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/78220
https://kc.mcafee.com/corporate/index?page=content&id=SB10022
https://exchange.xforce.ibmcloud.com/vulnerabilities/78220
https://kc.mcafee.com/corporate/index?page=content&id=SB10022