CVE-2012-4846

IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly flag in a Set-Cookie header for a web-application cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, aka SPRs JMAS7TRNLN and SRAO8U3Q68.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
ibmCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
VendorProductVersion
ibmlotus_notes
8.5.0.0
ibmlotus_notes
8.5.0.1
ibmlotus_notes
8.5.1
ibmlotus_notes
8.5.1.0
ibmlotus_notes
8.5.1.1
ibmlotus_notes
8.5.1.2
ibmlotus_notes
8.5.1.3
ibmlotus_notes
8.5.1.4
ibmlotus_notes
8.5.1.5
ibmlotus_notes
8.5.2.0
ibmlotus_notes
8.5.2.1
ibmlotus_notes
8.5.2.2
ibmlotus_notes
8.5.2.3
ibmlotus_notes
8.5.3
ibmlotus_notes
8.5.3.1
ibmlotus_notes
8.5.3.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.ibm.com/support/docview.wss?uid=swg21619604
http://www.ibm.com/support/docview.wss?uid=swg21620361
https://exchange.xforce.ibmcloud.com/vulnerabilities/79535
http://www.ibm.com/support/docview.wss?uid=swg21619604
http://www.ibm.com/support/docview.wss?uid=swg21620361
https://exchange.xforce.ibmcloud.com/vulnerabilities/79535