6 matches found
CVE-2022-21940
creationtimestamp| type| source ---|---|--- 2023-02-10 16:57:49+00:00| seen| https://t.me/cibsecurity/57905...
CVE-2022-21940
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls System Configuration Tool SCT version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie...
CVE-2022-21940 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in System Configuration Tool (SCT)
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls System Configuration Tool SCT version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie...
CVE-2022-21940 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in System Configuration Tool (SCT)
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls System Configuration Tool SCT version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie...
CVE-2022-21940
Summary : CVE-2022-21940 affects Johnson Controls System Configuration Tool (SCT) versions 14 before 14.2.3 and 15 before 15.0.3. The issue is a sensitive cookie in HTTPS session without the Secure attribute , which could allow cookie exposure. Root cause : cookies accepted in HTTPS sessions with...
Johnson Controls System Configuration Tool (SCT)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Johnson Controls Equipment: System Configuration Tool Vulnerabilities: Sensitive Cookie Without ‘HttpOnly’ Flag, Sensitive Cookie in HTTPS Session Without 'Secure' Attribute 2. RISK EVALUATION Successful exploitation of...