2 matches found
CVE-2022-26157
An issue was discovered in the web application in Cherwell Service Management CSM 10.2.3. The ASP.NETSessionid cookie is not protected by the Secure flag. This makes it prone to interception by an attacker if traffic is sent over unencrypted channels...
CVE-2022-26157
CVE-2022-26157 affects Cherwell Service Management (CSM) 10.2.3. The issue is that the ASP.NET_Sessionid cookie is not protected with the Secure flag, allowing potential interception if traffic is not encrypted. The available documents consistently describe: the vulnerable component is the ASP.NE...