Описание
NetApp SnapCenter Server prior to 4.1 does not set the secure flag for a sensitive cookie in an HTTPS session which can allow the transmission of the cookie in plain text over an unencrypted channel.
Ссылки
- Third Party AdvisoryVDB Entry
- PatchVendor Advisory
- Third Party AdvisoryVDB Entry
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.1 (исключая)
cpe:2.3:a:netapp:snapcenter_server:*:*:*:*:*:*:*:*
EPSS
Процентиль: 35%
0.00142
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-311
Связанные уязвимости
CVSS3: 5.3
github
больше 3 лет назад
NetApp SnapCenter Server prior to 4.1 does not set the secure flag for a sensitive cookie in an HTTPS session which can allow the transmission of the cookie in plain text over an unencrypted channel.
EPSS
Процентиль: 35%
0.00142
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-311