CVE-2021-42699

Опубликовано: 05 нояб. 2021

Источник: nvd

CVSS3: 5.7

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

The affected product is vulnerable to cookie information being transmitted as cleartext over HTTP. An attacker can capture network traffic, obtain the user’s cookie and take over the account.

Ссылки

https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02
Third Party Advisory
US Government Resource
https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:azeotech:daqfactory:*:*:*:*:*:*:*:*

Версия до 18.1 (включая)

cpe:2.3:a:azeotech:daqfactory:18.1:build_2347:*:*:*:*:*:*

EPSS

Процентиль: 25%

0.00086

Низкий

5.7 Medium

CVSS3

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-319

Связанные уязвимости

GHSA-86mm-qq2x-p28p

github

больше 3 лет назад

The affected product is vulnerable to cookie information being transmitted as cleartext over HTTP. An attacker can capture network traffic, obtain the user’s cookie and take over the account.

EPSS

Процентиль: 25%

0.00086

Низкий

5.7 Medium

CVSS3

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-319