Description
BigFix Inventory up to v10.0.2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
References
- Mitigation, Vendor Advisory
- Mitigation, Vendor Advisory
Vulnerable configurations
Configuration 1: versions from 9.0.0 (inclusive) to 10.0.2 (inclusive)
cpe:2.3:a:hcltech:bigfix_platform:*:*:*:*:*:*:*:*
EPSS: 0.00131 (Low), percentile: 33%
CVSS3: 5.3 Medium
CVSS2: 5 Medium
Weaknesses
CWE-319
Related vulnerabilities
github
more than 3 years ago
BigFix Inventory up to v10.0.2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.