CVE-2012-4846

IBM Lotus Notes <8.5.3 FP3 - Info Disclosure

Title source: llm
STIX 2.1

Description

IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly flag in a Set-Cookie header for a web-application cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, aka SPRs JMAS7TRNLN and SRAO8U3Q68.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/79535
Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg21619604

Scores

EPSS 0.0119
EPSS Percentile 64.3%

Details

CWE
CWE-200
Status published
Products (16)
ibm/lotus_notes 8.5.0.0
ibm/lotus_notes 8.5.0.1
ibm/lotus_notes 8.5.1
ibm/lotus_notes 8.5.1.0
ibm/lotus_notes 8.5.1.1
ibm/lotus_notes 8.5.1.2
ibm/lotus_notes 8.5.1.3
ibm/lotus_notes 8.5.1.4
ibm/lotus_notes 8.5.1.5
ibm/lotus_notes 8.5.2.0
... and 6 more
Published Dec 19, 2012
Tracked Since Feb 18, 2026