Lucene search
K

6 matches found

Circl
Circl
added 2023/02/10 4:57 p.m.7 views

CVE-2022-21940

creationtimestamp| type| source ---|---|--- 2023-02-10 16:57:49+00:00| seen| https://t.me/cibsecurity/57905...

7.5CVSS6.1AI score0.00372EPSS
Exploits0References1
OSV
OSV
added 2023/02/09 9:15 p.m.6 views

CVE-2022-21940

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls System Configuration Tool SCT version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie...

6.1CVSS5.8AI score0.00372EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/02/09 8:54 p.m.7 views

CVE-2022-21940 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in System Configuration Tool (SCT)

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls System Configuration Tool SCT version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie...

7.5CVSS7.1AI score0.00372EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/02/09 8:54 p.m.35 views

CVE-2022-21940 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in System Configuration Tool (SCT)

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls System Configuration Tool SCT version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie...

7.5CVSS7.6AI score0.00372EPSS
Exploits0References2
CVE
CVE
added 2023/02/09 8:54 p.m.56 views

CVE-2022-21940

Summary : CVE-2022-21940 affects Johnson Controls System Configuration Tool (SCT) versions 14 before 14.2.3 and 15 before 15.0.3. The issue is a sensitive cookie in HTTPS session without the Secure attribute , which could allow cookie exposure. Root cause : cookies accepted in HTTPS sessions with...

7.5CVSS6.5AI score0.00372EPSS
Exploits0References2Affected Software1
ICS
ICS
added 2023/02/09 12:0 a.m.39 views

Johnson Controls System Configuration Tool (SCT)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Johnson Controls Equipment: System Configuration Tool Vulnerabilities: Sensitive Cookie Without ‘HttpOnly’ Flag, Sensitive Cookie in HTTPS Session Without 'Secure' Attribute 2. RISK EVALUATION Successful exploitation of...

7.5CVSS7.3AI score0.00546EPSS
Exploits0References4
Rows per page
Query Builder