exploitDog

GHSA-mw9r-vp4h-34mp

Опубликовано: 09 фев. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 6.1

Описание

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.

Ссылки

EPSS

Процентиль: 32%

0.00122

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-1004

CWE-732

CWE-79

Связанные уязвимости

CVE-2022-21939

CVSS3: 7.5

nvd

почти 3 года назад

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.

EPSS

Процентиль: 32%

0.00122

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-1004

CWE-732

CWE-79