IBM Lotus Notes 8.5.x prior to 8.5.3 FP3 does not include the HTTPOnly flag in a Set-Cookie header for a web-application cookie, which makes it easier for remote malicious users to obtain potentially sensitive information via script access to this cookie, aka SPRs JMAS7TRNLN and SRAO8U3Q68.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm lotus notes 8.5.1.5 |
||
ibm lotus notes 8.5.1.3 |
||
ibm lotus notes 8.5.3.1 |
||
ibm lotus notes 8.5.3.2 |
||
ibm lotus notes 8.5.1.0 |
||
ibm lotus notes 8.5.1.2 |
||
ibm lotus notes 8.5.2.3 |
||
ibm lotus notes 8.5.2.0 |
||
ibm lotus notes 8.5.0.0 |
||
ibm lotus notes 8.5.0.1 |
||
ibm lotus notes 8.5.1.4 |
||
ibm lotus notes 8.5.2.2 |
||
ibm lotus notes 8.5.1 |
||
ibm lotus notes 8.5.1.1 |
||
ibm lotus notes 8.5.2.1 |
||
ibm lotus notes 8.5.3 |