2 matches found
CVE-2021-40650
In Connx version 6.2.0.1269 (20210623), the application can issue a cookie that is not marked with the Secure flag. This means the cookie could be transmitted over non-HTTPS connections, potentially exposing session data if a user connects without TLS. The available sources describe the issue but...
CVE-2021-40649
In Connx 6.2.0.1269 (20210623), the application can issue a cookie that is not marked HttpOnly. This creates a potential exposure where the cookie could be accessed by client-side scripts, aligning with a CVSS base of 6.4 (NVD) / 6.5 (CVSS3.1) and a MEDIUM severity: network attack vector, low att...