IBM Tivoli Endpoint Manager 8 does not set the HttpOnly flag on cookies.Referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/74038
