The host is installed with IBM Lotus Notes 8.5.x before 8.5.3 FP3 and is prone to information disclosure vulnerability. A flaw is present in the application, which fails to include the HTTPOnly flag in a Set-Cookie header for a web-application cookie. Successful exploitation allows remote attackers to obtain potentially sensitive information via script access to this cookie.