
386 matches found

NVD
added 2025/03/26 8:15 a.m., 12 views

CVE-2024-30155

HCL SX does not set the secure attribute on authorization tokens or session cookies. Attackers may potentially be able to obtain access to the cookie values via a Cross-Site-Forgery-Request CSRF...

CVSS 5.5, EPSS 0.00191
Exploits: 0, References: 1
OSV
added 2025/03/26 8:15 a.m., 2 views

CVE-2024-30155

HCL SX does not set the secure attribute on authorization tokens or session cookies. Attackers may potentially be able to obtain access to the cookie values via a Cross-Site-Forgery-Request CSRF...

CVSS 4.3, AI score 5.8, EPSS 0.00191
Exploits: 0, References: 1
RedhatCVE
added 2025/03/22 1:7 p.m., 5 views

CVE-2024-10718

In phpipam/phpipam version 1.5.1, the Secure attribute for sensitive cookies in HTTPS sessions is not set. This could cause the user agent to send those cookies in plaintext over an HTTP session, potentially exposing sensitive information. The issue is fixed in version 1.7.0...

CVSS 7.5, AI score 6.5, EPSS 0.00312
Exploits: 1, References: 1
CNNVD
added 2025/03/20 12:0 a.m., 2 views

phpIPAM Security Vulnerability

phpIPAM is an open source IP address management (IPAM) application based on PHP and MySQL. A security vulnerability exists in phpIPAM version 1.5.1, which stems from an unset Secure attribute for sensitive cookies in an HTTPS session, which could result in a user agent...

CVSS 7.5, AI score 5.4, EPSS 0.00312
Exploits: 1, References: 2
Tenable Nessus
added 2025/03/05 12:0 a.m., 8 views

Linux Distros Unpatched Vulnerability : CVE-2023-28708

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies creat...

CVSS 4.3, AI score 6.8, EPSS 0.01831
Exploits: 0, References: 3
RedhatCVE
added 2025/02/06 12:50 a.m., 6 views

CVE-2022-3174

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.2...

CVSS 7.5, AI score 6.6, EPSS 0.00541
Exploits: 1, References: 1
RedhatCVE
added 2025/02/06 12:49 a.m., 8 views

CVE-2022-3251

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/minarca prior to 4.2.2...

CVSS 7.5, AI score 6.7, EPSS 0.00494
Exploits: 1, References: 1
OSV
added 2025/01/27 2:15 a.m., 3 views

CVE-2024-28771

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user...

CVSS 6.5, AI score 5.6, EPSS 0.00168
Exploits: 0, References: 1
Cvelist
added 2025/01/03 10:28 p.m., 20 views

CVE-2024-55897 IBM PowerHA SystemMirror for i information disclosure

IBM PowerHA SystemMirror for i 7.4 and 7.5 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure...

CVSS 4.3, EPSS 0.00175
Exploits: 0, References: 1
Vulnrichment
added 2025/01/03 10:28 p.m., 14 views

CVE-2024-55897 IBM PowerHA SystemMirror for i information disclosure

IBM PowerHA SystemMirror for i 7.4 and 7.5 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure...

CVSS 4.3, AI score 4.5, EPSS 0.00175
Exploits: 0, References: 1
OSV
added 2024/12/24 6:25 p.m., 5 views

CLSA-2024-1735064733 Fix CVE(s): CVE-2023-28708

SECURITY UPDATE: Missing secure attribute in session cookies with RemoteIpFilter - debian/patches/CVE-2023-28708.patch: Fix JSessionId secure attribute missing with RemoteIpFilter and X-Forwarded-Proto set to https - CVE-2023-28708...

CVSS 4.3, AI score 6.8, EPSS 0.01831
Exploits: 0, References: 1
NVD
added 2024/09/13 2:15 a.m., 13 views

CVE-2024-43180

IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can...

CVSS 4.3, EPSS 0.0022
Exploits: 0, References: 2
CVE
added 2024/09/13 1:24 a.m., 56 views

CVE-2024-43180

IBM Concert Software 1.0 is affected by CVE-2024-43180 due to not setting the Secure attribute on authorization tokens or session cookies, enabling potential session hijacking when a user clicks an HTTP link. Affected product/version: IBM Concert Software 1.0. Root cause: cookies not marked secur...

CVSS 4.3, AI score 4.3, EPSS 0.0022
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2024/09/13 1:24 a.m., 18 views

CVE-2024-43180 IBM Concert information disclosure

IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can...

CVSS 4.3, EPSS 0.0022
Exploits: 0, References: 2
NVD
added 2024/09/11 5:15 p.m., 19 views

CVE-2024-44575

RELY-PCIe v22.2.1 to v23.1.0 does not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session...

CVSS 3.7, EPSS 0.00272
Exploits: 0, References: 2
Vulnrichment
added 2024/09/11 12:0 a.m., 12 views

CVE-2024-44575

RELY-PCIe v22.2.1 to v23.1.0 does not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session...

AI score 6.7, EPSS 0.00272
Exploits: 0, References: 2
CVE
added 2024/09/11 12:0 a.m., 56 views

CVE-2024-44575

CVE-2024-44575 affects RELY-PCIe versions 22.2.1–23.1.0. The issue is that the Secure attribute is not set for sensitive cookies in HTTPS sessions, which could allow a user agent to send cookies in cleartext over an HTTP session. The vulnerability is documented with a CVSS v3.1 base score of 3.7 ...

CVSS 3.7, AI score 6.9, EPSS 0.00272
Exploits: 0, References: 2, Affected Software: 1
Positive Technologies
added 2024/09/11 12:0 a.m., 5 views

PT-2024-31190 · Rely-Pcie · Rely-Pcie

Name of the Vulnerable Software and Affected Versions: RELY-PCIe versions 22.2.1 through 23.1.0 Description: The issue is related to the failure of setting the Secure attribute for sensitive cookies in HTTPS sessions. This could cause the user agent to send those cookies in cleartext over an HTTP...

CVSS 3.7, AI score 6.6, EPSS 0.00272
Exploits: 0, References: 6
Cvelist
added 2024/09/11 12:0 a.m., 15 views

CVE-2024-44575

RELY-PCIe v22.2.1 to v23.1.0 does not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session...

EPSS 0.00272
Exploits: 0, References: 2
Veracode
added 2024/08/28 8:32 p.m., 3 views

Sensitive Cookie In HTTPS Session Without "Secure" Attribute

taipy is vulnerable to Sensitive Cookie in HTTPS Session Without "Secure" Attribute. The vulnerability is due to the improper setting of security flags on session cookies. An attacker can intercept or tamper with the cookie over insecure connections by exploiting the lack of Secure and HttpOnly...

AI score 7.1
Exploits: 0