The (1) webreports, (2) post/create-role, and (3) post/update-role programs in IBM Tivoli Endpoint Manager (TEM) prior to 8.2 do not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote malicious users to obtain potentially sensitive information via script access to this cookie.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm tivoli endpoint manager 8.0 |
||
ibm tivoli endpoint manager |