Description
Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.
References
- Third Party Advisory, US Government Resource, VDB Entry
- Vendor Advisory
- Third Party Advisory, US Government Resource, VDB Entry
- Vendor Advisory
Vulnerable configurations
Configuration 1
One of:
- cpe:2.3:a:johnsoncontrols:metasys_system_configuration_tool:*:*:*:*:*:*:*:* (versions from 14.0 inclusive up to 14.2.3 exclusive)
- cpe:2.3:a:johnsoncontrols:metasys_system_configuration_tool:*:*:*:*:*:*:*:* (versions from 15.0 inclusive up to 15.0.3 exclusive)
EPSS: 0.00122 (Low), percentile: 32%
CVSS3: 7.5 High
CVSS3: 6.1 Medium
Weaknesses
CWE-1004
CWE-732
Related vulnerabilities
CVSS3: 6.1
github
almost 3 years ago
Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.