Lucene search
+L

47 matches found

bdu_fstec
bdu_fstec
added 2025/02/03 12:0 a.m.6 views

The vulnerability of the IBM Security Directory Integrator and the IBM Security Verify Directory Integrator data integration tools lies in the absence of a “Secure” flag in the session cookies. This allows attackers to gain unauthorized access to protected information.

The vulnerability of the IBM Security Directory Integrator and the IBM Security Verify Directory Integrator data integration tools is related to the absence of the “Secure” flag in the session cookies. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain...

4.9CVSS5.5AI score0.00175EPSS
Exploits0References3Affected Software2
bdu_fstec
bdu_fstec
added 2024/08/01 12:0 a.m.6 views

The vulnerability in the web client of IBM Datacap Navigator software for document collection and processing involves the absence of a “Secure” flag in session cookies. This allows an attacker to gain unauthorized access to protected information.

The vulnerability of the IBM Datacap Navigator web client software for document collection and processing lies in the absence of a “Secure” flag in the session cookies. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information by intercepting the...

5CVSS5.5AI score0.00233EPSS
Exploits0References4Affected Software1
bdu_fstec
bdu_fstec
added 2024/07/05 12:0 a.m.6 views

The vulnerability of the software for monitoring and analyzing network traffic in industrial networks, SINEC Traffic Analyzer, allows a intruder to gain unauthorized access to protected information.

The vulnerability of the SINEC Traffic Analyzer software for monitoring and analyzing network traffic in industrial networks stems from the absence of the "Secure", "HttpOnly", or "SameSite" flags in session cookie files. Exploiting this vulnerability can allow an unauthorized attacker to gain...

6.8CVSS7.2AI score0.00216EPSS
Exploits0References3Affected Software1
bdu_fstec
bdu_fstec
added 2023/11/15 12:0 a.m.7 views

The vulnerability of Moxa PT-G503 Ethernet switches’ microprogramming software lies in the absence of a “secure” flag in session cookies, allowing attackers to gain unauthorized access to protected information.

The vulnerability of Moxa PT-G503 Ethernet switches’ microprogramming software is related to the absence of a “secure” flag in the session cookie files. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...

3.1CVSS5.9AI score0.00211EPSS
Exploits0References3Affected Software1
susecve
susecve
added 2023/02/15 5:33 a.m.3 views

SUSE CVE-2013-7436

noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

4.3CVSS6.8AI score0.02183EPSS
Exploits0References4
susecve
susecve
added 2023/02/15 5:11 a.m.4 views

SUSE CVE-2015-8470

The console in Puppet Enterprise 3.7.x, 3.8.x, and 2015.2.x does not set the secure flag for the JSESSIONID cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session...

6.5CVSS6.9AI score0.0162EPSS
Exploits0References3
osv
osv
added 2022/12/30 12:15 p.m.6 views

UBUNTU-CVE-2018-25060

A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The manipulation of the argument Generate leads to sensitive cookie without secure attribute. The attack may be launched remotely. The complexity of a...

7.5CVSS4.4AI score0.00515EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2022/08/22 6:28 p.m.6 views

CVE-2022-32777

An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. The session cookie and the pass cookie miss the HttpOnly flag, making them accessible via JavaScript. The session cookie also misses the secure flag, which allows the...

7.5CVSS7.2AI score0.01983EPSS
Exploits0References2
osv
osv
added 2022/06/14 10:15 a.m.3 views

CVE-2021-40650

In Connx Version 6.2.0.1269 20210623, a cookie can be issued by the application and not have the secure flag set...

6.5CVSS5.8AI score0.00728EPSS
Exploits1References2
bdu_fstec
bdu_fstec
added 2022/05/31 12:0 a.m.9 views

The vulnerability of the microprogramming software for the Desigo DXR2, PXC3, PXC4, and PXC5 unit stations involves the absence of the “Secure”, “HttpOnly”, or “SameSite” flags in the session cookie files. This allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the microprogramming software for the Desigo DXR2, PXC3, PXC4, and PXC5 station modules is related to the absence of the “Secure”, “HttpOnly”, or “SameSite” flags in the session cookies files. Exploiting this vulnerability can allow an attacker to gain unauthorized access to...

7.8CVSS6.5AI score0.00573EPSS
Exploits0References3Affected Software4
ptsecurity
ptsecurity
added 2022/05/10 12:0 a.m.20 views

PT-2022-2718 · Siemens · Desigo Pxc4 +3

Name of the Vulnerable Software and Affected Versions: Desigo DXR2 versions prior to V01.21.142.5-22 Desigo PXC3 versions prior to V01.21.142.4-18 Desigo PXC4 versions prior to V02.20.142.10-10884 Desigo PXC5 versions prior to V02.20.142.10-10884 Description: The issue is related to the applicati...

7.8CVSS6.4AI score0.00573EPSS
Exploits0References4
osv
osv
added 2021/01/14 4:15 p.m.2 views

CVE-2020-26732

SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session...

7.5CVSS5.8AI score0.0151EPSS
Exploits0References1
cnnvd
cnnvd
added 2020/12/16 12:0 a.m.7 views

IBM BigFix Inventory 代码问题漏洞

IBM BigFix Inventory is a suite of solutions for software control and security risk mitigation from IBM USA. A security vulnerability exists in versions prior to IBM BigFix Inventory v10.0.2 that stems from a failure to set a security flag for a session cookie in an https session, which could...

5.3CVSS6.1AI score0.00664EPSS
Exploits0References2
redhat
redhat
added 2020/12/08 8:55 a.m.6 views

Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ

It was found that Hawtio console does not set HTTPOnly or Secure attributes on cookies. An attacker could use this flaw to rerieve an authenticated user's SessionID, and possibly conduct further attacks with the permissions of the authenticated user...

7.5CVSS5.8AI score0.02204EPSS
Exploits0References4
cnvd
cnvd
added 2020/10/30 12:0 a.m.4 views

Synology Router Manager Information Disclosure Vulnerability (CNVD-2020-60453)

Synology Router Manager SRM is a software for configuring and managing Synology routers from Synology Inc. of Taiwan, China. A security vulnerability exists in Synology Router Manager SRM versions prior to 1.2.4-8081, which stems from not setting a security flag for a session cookie in an HTTPS...

8.1CVSS6.8AI score0.00762EPSS
Exploits1References1
osv
osv
added 2020/10/20 3:15 p.m.5 views

CVE-2020-4749

IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure li...

4.3CVSS5.6AI score0.01001EPSS
Exploits0References2
cnvd
cnvd
added 2020/07/21 12:0 a.m.3 views

IBM Planning Analytics Licensing Issues Vulnerabilities

IBM Planning Analytics is a suite of business planning and analytics solutions from IBM USA. The solution supports automated execution of processes such as business planning, budgeting and analysis. A security vulnerability exists in IBM Planning Analytics version 2.0, which stems from the...

5.9CVSS6.8AI score0.01331EPSS
Exploits0References1
osv
osv
added 2020/04/02 8:15 p.m.3 views

CVE-2019-19090

For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping...

3.5CVSS5.8AI score0.00517EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2020/02/17 12:0 a.m.5 views

PT-2020-6882 · Abb · Abb Esoms

Name of the Vulnerable Software and Affected Versions: ABB eSOMS versions 4.0 to 6.0.2 Description: The issue is related to the absence of the Secure Flag in the HTTP response header, which may allow unencrypted connections to access cookie information, making it susceptible to eavesdropping. Thi...

4CVSS3.8AI score0.00517EPSS
Exploits0References6
osv
osv
added 2019/12/30 5:15 p.m.2 views

CVE-2019-19739

MFScripts YetiShare 3.5.2 through 4.5.3 does not set the Secure flag on session cookies, allowing the cookie to be sent over cleartext channels...

7.5CVSS5.8AI score0.00666EPSS
Exploits0References1
Rows per page
Query Builder