Skip to main content

Lotus Notes CVE-2012-4846

MEDIUM
Information Exposure (CWE-200)
2012-12-19 psirt@us.ibm.com
4.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:P/I:N/A:N
Attack Vector
Network
Attack Complexity
M
Confidentiality
P
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 19, 2012 - 11:55 cve.org
MEDIUM 4.3

DescriptionCVE.org

IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly flag in a Set-Cookie header for a web-application cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, aka SPRs JMAS7TRNLN and SRAO8U3Q68.

AnalysisAI

IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly flag in a Set-Cookie header for a web-application cookie, which makes it easier for remote attackers to obtain potentially. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly flag in a Set-Cookie header for a web-application cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, aka SPRs JMAS7TRNLN and SRAO8U3Q68. Affected products include: Ibm Lotus Notes. Version information: before 8.5.3.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2012-2174 CRITICAL POC
9.3 Jun 20

The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a crafted

CVE-2012-4823 CRITICAL
9.3 Jan 11

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 an

CVE-2012-4822 CRITICAL
9.3 Jan 11

Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Jav

CVE-2012-4820 CRITICAL
9.3 Jan 11

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 an

CVE-2012-6349 CRITICAL
9.3 Jul 18

Buffer overflow in the .mdb parser in Autonomy KeyView IDOL, as used in IBM Notes 8.5.x before 8.5.3 FP4, allows remote

CVE-2012-4821 CRITICAL
9.3 Jan 11

Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Jav

CVE-2013-2977 MEDIUM
6.8 May 10

Integer overflow in IBM Notes 8.5.x before 8.5.3 FP4 Interim Fix 1 and 9.x before 9.0 Interim Fix 1 on Windows, and 8.5.

CVE-2014-3086 HIGH
7.5 Aug 12

Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7

CVE-2013-0536 HIGH
7.2 Jun 21

ntmulti.exe in the Multi User Profile Cleanup service in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3 before FP

CVE-2013-0127 MEDIUM
5.8 May 01

IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 does not block APPLET elements in HTML e

CVE-2014-0892 MEDIUM
5.0 Apr 23

IBM Notes and Domino 8.5.x before 8.5.3 FP6 IF3 and 9.x before 9.0.1 FP1 on 32-bit Linux platforms use incorrect gcc opt

CVE-2013-0538 MEDIUM
4.3 May 01

Cross-site scripting (XSS) vulnerability in IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fi

Share

CVE-2012-4846 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy