exploitDog

CVE-2022-25151

Published: 09 Jun 2022
Source: nvd
CVSS3: 7.5
CVSS2: 5
EPSS: Low

Description

Within the Service Desk module of the ITarian platform (SAAS and on-premise), a remote attacker can obtain sensitive information, caused by the failure to set the HTTP Only flag. A remote attacker could exploit this vulnerability to gain access to the management interface by using this vulnerability in combination with a successful Cross-Site Scripting attack on a user.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:itarian:on-premise:*:*:*:*:*:*:*:*
Versions up to 6.35.37347.20040 (excluding)
cpe:2.3:a:itarian:saas_service_desk:*:*:*:*:*:*:*:*
Versions up to 6.35.37347.20040 (excluding)

EPSS

Percentile: 52%
0.00286
Low

CVSS3: 7.5 High

CVSS2: 5 Medium

Weaknesses

CWE-614
CWE-732

Related vulnerabilities

CVSS3: 7.5
github
more than 3 years ago

Within the Service Desk module of the ITarian platform (SAAS and on-premise), a remote attacker can obtain sensitive information, caused by the failure to set the HTTP Only flag. A remote attacker could exploit this vulnerability to gain access to the management interface by using this vulnerability in combination with a successful Cross-Site Scripting attack on a user.
