Описание
An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. The ASP.NET_Sessionid cookie is not protected by the Secure flag. This makes it prone to interception by an attacker if traffic is sent over unencrypted channels.
Ссылки
- Third Party Advisory
- Release NotesVendor Advisory
- Third Party Advisory
- Release NotesVendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:cherwell:cherwell_service_management:10.2.3:*:*:*:*:*:*:*
EPSS
Процентиль: 38%
0.0017
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-311
Связанные уязвимости
CVSS3: 5.3
github
почти 4 года назад
An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. The ASP.NET_Sessionid cookie is not protected by the Secure flag. This makes it prone to interception by an attacker if traffic is sent over unencrypted channels.
EPSS
Процентиль: 38%
0.0017
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-311