47 matches found
The vulnerability of the IBM Security Directory Integrator and the IBM Security Verify Directory Integrator data integration tools lies in the absence of a “Secure” flag in the session cookies. This allows attackers to gain unauthorized access to protected information.
The vulnerability of the IBM Security Directory Integrator and the IBM Security Verify Directory Integrator data integration tools is related to the absence of the “Secure” flag in the session cookies. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain...
The vulnerability in the web client of IBM Datacap Navigator software for document collection and processing involves the absence of a “Secure” flag in session cookies. This allows an attacker to gain unauthorized access to protected information.
The vulnerability of the IBM Datacap Navigator web client software for document collection and processing lies in the absence of a “Secure” flag in the session cookies. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information by intercepting the...
The vulnerability of the software for monitoring and analyzing network traffic in industrial networks, SINEC Traffic Analyzer, allows a intruder to gain unauthorized access to protected information.
The vulnerability of the SINEC Traffic Analyzer software for monitoring and analyzing network traffic in industrial networks stems from the absence of the "Secure", "HttpOnly", or "SameSite" flags in session cookie files. Exploiting this vulnerability can allow an unauthorized attacker to gain...
The vulnerability of Moxa PT-G503 Ethernet switches’ microprogramming software lies in the absence of a “secure” flag in session cookies, allowing attackers to gain unauthorized access to protected information.
The vulnerability of Moxa PT-G503 Ethernet switches’ microprogramming software is related to the absence of a “secure” flag in the session cookie files. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...
SUSE CVE-2013-7436
noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...
SUSE CVE-2015-8470
The console in Puppet Enterprise 3.7.x, 3.8.x, and 2015.2.x does not set the secure flag for the JSESSIONID cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session...
UBUNTU-CVE-2018-25060
A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The manipulation of the argument Generate leads to sensitive cookie without secure attribute. The attack may be launched remotely. The complexity of a...
CVE-2022-32777
An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. The session cookie and the pass cookie miss the HttpOnly flag, making them accessible via JavaScript. The session cookie also misses the secure flag, which allows the...
CVE-2021-40650
In Connx Version 6.2.0.1269 20210623, a cookie can be issued by the application and not have the secure flag set...
The vulnerability of the microprogramming software for the Desigo DXR2, PXC3, PXC4, and PXC5 unit stations involves the absence of the “Secure”, “HttpOnly”, or “SameSite” flags in the session cookie files. This allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the microprogramming software for the Desigo DXR2, PXC3, PXC4, and PXC5 station modules is related to the absence of the “Secure”, “HttpOnly”, or “SameSite” flags in the session cookies files. Exploiting this vulnerability can allow an attacker to gain unauthorized access to...
PT-2022-2718 · Siemens · Desigo Pxc4 +3
Name of the Vulnerable Software and Affected Versions: Desigo DXR2 versions prior to V01.21.142.5-22 Desigo PXC3 versions prior to V01.21.142.4-18 Desigo PXC4 versions prior to V02.20.142.10-10884 Desigo PXC5 versions prior to V02.20.142.10-10884 Description: The issue is related to the applicati...
CVE-2020-26732
SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session...
IBM BigFix Inventory 代码问题漏洞
IBM BigFix Inventory is a suite of solutions for software control and security risk mitigation from IBM USA. A security vulnerability exists in versions prior to IBM BigFix Inventory v10.0.2 that stems from a failure to set a security flag for a session cookie in an https session, which could...
Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ
It was found that Hawtio console does not set HTTPOnly or Secure attributes on cookies. An attacker could use this flaw to rerieve an authenticated user's SessionID, and possibly conduct further attacks with the permissions of the authenticated user...
Synology Router Manager Information Disclosure Vulnerability (CNVD-2020-60453)
Synology Router Manager SRM is a software for configuring and managing Synology routers from Synology Inc. of Taiwan, China. A security vulnerability exists in Synology Router Manager SRM versions prior to 1.2.4-8081, which stems from not setting a security flag for a session cookie in an HTTPS...
CVE-2020-4749
IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure li...
IBM Planning Analytics Licensing Issues Vulnerabilities
IBM Planning Analytics is a suite of business planning and analytics solutions from IBM USA. The solution supports automated execution of processes such as business planning, budgeting and analysis. A security vulnerability exists in IBM Planning Analytics version 2.0, which stems from the...
CVE-2019-19090
For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping...
PT-2020-6882 · Abb · Abb Esoms
Name of the Vulnerable Software and Affected Versions: ABB eSOMS versions 4.0 to 6.0.2 Description: The issue is related to the absence of the Secure Flag in the HTTP response header, which may allow unencrypted connections to access cookie information, making it susceptible to eavesdropping. Thi...
CVE-2019-19739
MFScripts YetiShare 3.5.2 through 4.5.3 does not set the Secure flag on session cookies, allowing the cookie to be sent over cleartext channels...