Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HJohnsoncontrols Metasys System Configuration Tool
APPJohnsoncontrols14.0 – 14.2.3 (bez)15.0 – 15.0.3 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Powiązane podatności
CVE-2022-21940HIGH7.5ten sam produkt
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls System Configur...
CVE-2020-9044HIGH7.5ten sam produkt
XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate D...
CVE-2021-36203MEDIUM5.3ten sam produkt
The affected product may allow an attacker to identify and forge requests to internal systems by way of a spec...
CVE-2024-32758CRITICAL9.0PL ✓ten sam vendor
Niewystarczająca długość klucza kryptograficznego w komunikacji exacqVision
CVE-2023-4804CRITICAL10.0ten sam vendor
An unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed.