CVE-2012-4592
McAfee Enterprise Mobility Manager < 10.0 - Session Cookie Transmission in Cleartext
Title source: llmDescription
The Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 does not set the secure flag for the ASP.NET session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/78220
Vendor Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10022
Scores
EPSS
0.0025
EPSS Percentile
48.3%
Details
Status
published
Products (2)
mcafee/enterprise_mobility_manager
4.7
mcafee/enterprise_mobility_manager
< 9.6
Published
Aug 22, 2012
Tracked Since
Feb 18, 2026