Description
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.
References
- Third Party Advisory, US Government Resource, VDB Entry
- Vendor Advisory
- Third Party Advisory, US Government Resource, VDB Entry
- Vendor Advisory
Vulnerable configurations
Configuration 1
Version from 14.0 (inclusive) to 14.2.3 (exclusive)
Version from 15.0 (inclusive) to 15.0.3 (exclusive)
One of
cpe:2.3:a:johnsoncontrols:metasys_system_configuration_tool:*:*:*:*:*:*:*:*
cpe:2.3:a:johnsoncontrols:metasys_system_configuration_tool:*:*:*:*:*:*:*:*
EPSS
Percentile: 24%
0.00082
Low
7.5 High
CVSS3
6.1 Medium
CVSS3
Weaknesses
CWE-614
CWE-311
Related vulnerabilities
CVSS3: 6.1
github
almost 3 years ago
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.