Lucene search

GoogleOSV:CVE-2022-38846

HistorySep 16, 2022 - 2:15 p.m.

CVE-2022-38846

2022-09-1614:15:09

Google

osv.dev

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

51.1%

JSON

EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text cookies over an insecure channel (HTTP). An attacker may capture the cookie from the insecure channel using MITM attack.

CPENameOperatorVersion
espocrmeq5.7.0
espocrmeq5.7.2
espocrmeq7.0.1
espocrmeq5.6.0
espocrmeq2.5.0
espocrmeq6.0.0-beta2
espocrmeq7.0.0
espocrmeq7.1.8
espocrmeq4.1.0
espocrmeq4.0.1

Name	Operator	Version
espocrm	eq	5.7.0
espocrm	eq	5.7.2
espocrm	eq	7.0.1
espocrm	eq	5.6.0
espocrm	eq	2.5.0
espocrm	eq	6.0.0-beta2
espocrm	eq	7.0.0
espocrm	eq	7.1.8
espocrm	eq	4.1.0
espocrm	eq	4.0.1

Rows per page:

1-10 of 2131

References

medium.com/cybersecurity-valuelabs/espocrm-7-1-8-is-vulnerable-to-missing-secure-flag-1664bac5ffe4

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

51.1%

JSON

Related for OSV:CVE-2022-38846