CVE-2012-4846

Published Dec 19, 2012

Last updated 3 months ago

CVSS info 4.3

Overview

Description: IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly flag in a Set-Cookie header for a web-application cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, aka SPRs JMAS7TRNLN and SRAO8U3Q68.
Source: psirt@us.ibm.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-200

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57D24791-E798-4B08-A051-E880DEFB8268"
          },
          {
            "criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2758590C-67FD-4DD6-84C1-0D32264BBE5F"
          },
          {
            "criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7FC083C-B25E-427F-B722-B5ABD4F072F1"
          },
          {
            "criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B0CF8A5-BC24-4204-BC06-2E1E2FB60E4D"
          },
          {
            "criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CDA723DB-62C5-4C84-B0BA-5313FDA49D73"
          },
          {
            "criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "92F08B96-D43E-407E-839C-4C3C5BB58B2B"
          },
          {
            "criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5E50C779-C780-45FB-BC77-B9717389D2EB"
          },
          {
            "criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "867779A4-A7A5-48AD-9AC0-C6476719A5EE"
          },
          {
            "criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B7B7544-D60C-4B9A-BC29-B30AD86EC9B9"
          },
          {
            "criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9D475EF5-DBB3-4B98-BB07-83A2632B5E0D"
          },
          {
            "criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F797A209-65C0-4A20-9DA2-C5576C091DE2"
          },
          {
            "criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B01BCFA-13B4-4AB3-9558-4B704F6DCFA2"
          },
          {
            "criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D027E003-84C9-4290-A032-649C5E66B23B"
          },
          {
            "criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D9A13AC-B552-4E86-9E5D-62354D78E49C"
          },
          {
            "criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E5CDBCB-F314-453B-B837-B03B53215748"
          },
          {
            "criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A92849F-05E0-47DB-AB43-8AC559568D0B"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References