CWE-614
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session.
CVE-2015-3207 (GCVE-0-2015-3207)
Vulnerability from cvelistv5
Published
2022-07-07 12:25
Modified
2024-08-06 05:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In Openshift Origin 3 the cookies being set in console have no 'secure', 'HttpOnly' attributes.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Openshift Origin |
Version: Openshift Origin 3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:31.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221882"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openshift/origin/pull/2261"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openshift/origin/pull/2291"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Openshift Origin",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Openshift Origin 3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Openshift Origin 3 the cookies being set in console have no \u0027secure\u0027, \u0027HttpOnly\u0027 attributes."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-614",
"description": "CWE-614",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-07T12:25:43",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221882"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openshift/origin/pull/2261"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openshift/origin/pull/2291"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3207",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Openshift Origin",
"version": {
"version_data": [
{
"version_value": "Openshift Origin 3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Openshift Origin 3 the cookies being set in console have no \u0027secure\u0027, \u0027HttpOnly\u0027 attributes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-614"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1221882",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221882"
},
{
"name": "https://github.com/openshift/origin/pull/2261",
"refsource": "MISC",
"url": "https://github.com/openshift/origin/pull/2261"
},
{
"name": "https://github.com/openshift/origin/pull/2291",
"refsource": "MISC",
"url": "https://github.com/openshift/origin/pull/2291"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3207",
"datePublished": "2022-07-07T12:25:43",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:31.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-25060 (GCVE-0-2018-25060)
Vulnerability from cvelistv5
Published
2022-12-30 11:47
Modified
2024-08-05 12:26
Severity ?
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
3.7 (Low) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
3.7 (Low) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-614 - Sensitive Cookie Without Secure Attribute
Summary
A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The manipulation of the argument Generate leads to sensitive cookie without secure attribute. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The patch is identified as dadd1711a617000b70e5e408a76531b73187031c. It is recommended to apply a patch to fix this issue. VDB-217058 is the identifier assigned to this vulnerability.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:26:39.633Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.217058"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.217058"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/go-macaron/csrf/pull/7"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/go-macaron/csrf/commit/dadd1711a617000b70e5e408a76531b73187031c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "csrf",
"vendor": "Macaron",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "tool",
"value": "VulDB GitHub Commit Analyzer"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The manipulation of the argument Generate leads to sensitive cookie without secure attribute. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The patch is identified as dadd1711a617000b70e5e408a76531b73187031c. It is recommended to apply a patch to fix this issue. VDB-217058 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Macaron csrf gefunden. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei csrf.go. Mittels Manipulieren des Arguments Generate mit unbekannten Daten kann eine sensitive cookie without secure attribute-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar. Der Patch wird als dadd1711a617000b70e5e408a76531b73187031c bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-614",
"description": "CWE-614 Sensitive Cookie Without Secure Attribute",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T12:11:40.501Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.217058"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.217058"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/go-macaron/csrf/pull/7"
},
{
"tags": [
"patch"
],
"url": "https://github.com/go-macaron/csrf/commit/dadd1711a617000b70e5e408a76531b73187031c"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-12-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2022-12-30T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2022-12-30T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-01-26T09:25:29.000Z",
"value": "VulDB entry last update"
}
],
"title": "Macaron csrf csrf.go missing secure attribute"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2018-25060",
"datePublished": "2022-12-30T11:47:29.633Z",
"dateReserved": "2022-12-30T11:46:16.222Z",
"dateUpdated": "2024-08-05T12:26:39.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27650 (GCVE-0-2020-27650)
Vulnerability from cvelistv5
Published
2020-10-29 09:00
Modified
2024-09-16 23:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Summary
Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Synology | DiskStation Manager (DSM) |
Version: unspecified < 6.2.3-25426-2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:18:45.458Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_20_18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DiskStation Manager (DSM)",
"vendor": "Synology",
"versions": [
{
"lessThan": "6.2.3-25426-2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-10-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-614",
"description": "CWE-614: Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-29T09:00:25",
"orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"shortName": "synology"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_20_18"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@synology.com",
"DATE_PUBLIC": "2020-10-29T00:00:00",
"ID": "CVE-2020-27650",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DiskStation Manager (DSM)",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "6.2.3-25426-2"
}
]
}
}
]
},
"vendor_name": "Synology"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.8",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-614: Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.synology.com/security/advisory/Synology_SA_20_18",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_20_18"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"assignerShortName": "synology",
"cveId": "CVE-2020-27650",
"datePublished": "2020-10-29T09:00:25.555729Z",
"dateReserved": "2020-10-22T00:00:00",
"dateUpdated": "2024-09-16T23:10:20.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27651 (GCVE-0-2020-27651)
Vulnerability from cvelistv5
Published
2020-10-29 08:55
Modified
2024-09-16 16:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Summary
Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Synology | Synology Router Manager (SRM) |
Version: unspecified < 1.2.4-8081 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:18:45.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_20_14"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Synology Router Manager (SRM)",
"vendor": "Synology",
"versions": [
{
"lessThan": "1.2.4-8081",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-10-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-614",
"description": "CWE-614: Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-29T20:06:17",
"orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"shortName": "synology"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_20_14"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1059"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@synology.com",
"DATE_PUBLIC": "2020-10-29T00:00:00",
"ID": "CVE-2020-27651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Synology Router Manager (SRM)",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "1.2.4-8081"
}
]
}
}
]
},
"vendor_name": "Synology"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.8",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-614: Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.synology.com/security/advisory/Synology_SA_20_14",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_20_14"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1059",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1059"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"assignerShortName": "synology",
"cveId": "CVE-2020-27651",
"datePublished": "2020-10-29T08:55:20.903504Z",
"dateReserved": "2020-10-22T00:00:00",
"dateUpdated": "2024-09-16T16:53:56.749Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-29024 (GCVE-0-2020-29024)
Vulnerability from cvelistv5
Published
2021-02-16 15:07
Modified
2024-09-16 16:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Summary
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in (GTA) GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects: Secomea GateManager all versions prior to 9.3.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Secomea | GateManager |
Version: all < 9.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:48:01.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.secomea.com/support/cybersecurity-advisory/#2418"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GateManager",
"vendor": "Secomea",
"versions": [
{
"lessThan": "9.3",
"status": "affected",
"version": "all",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-02-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute vulnerability in (GTA) GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects: Secomea GateManager all versions prior to 9.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-614",
"description": "CWE-614 Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-16T15:07:41",
"orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
"shortName": "Secomea"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.secomea.com/support/cybersecurity-advisory/#2418"
}
],
"source": {
"defect": [
"RD-2418"
],
"discovery": "EXTERNAL"
},
"title": "Missing HtppOnly and Secure flags",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "VulnerabilityReporting@secomea.com",
"DATE_PUBLIC": "2021-02-16T00:00:00.000Z",
"ID": "CVE-2020-29024",
"STATE": "PUBLIC",
"TITLE": "Missing HtppOnly and Secure flags"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GateManager",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "all",
"version_value": "9.3"
}
]
}
}
]
},
"vendor_name": "Secomea"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute vulnerability in (GTA) GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects: Secomea GateManager all versions prior to 9.3."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-614 Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.secomea.com/support/cybersecurity-advisory/#2418",
"refsource": "MISC",
"url": "https://www.secomea.com/support/cybersecurity-advisory/#2418"
}
]
},
"source": {
"defect": [
"RD-2418"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
"assignerShortName": "Secomea",
"cveId": "CVE-2020-29024",
"datePublished": "2021-02-16T15:07:41.787580Z",
"dateReserved": "2020-11-24T00:00:00",
"dateUpdated": "2024-09-16T16:38:40.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27764 (GCVE-0-2021-27764)
Vulnerability from cvelistv5
Published
2022-05-06 18:10
Modified
2024-09-16 19:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Summary
Cookie without HTTPONLY flag set. NUMBER cookie(s) was set without Secure or HTTPOnly flags. The images show the cookie with the missing flag. (WebUI)
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | HCL BigFix WebUI |
Version: 9.0, 10.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:10.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0097778"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL BigFix WebUI",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "9.0, 10.0"
}
]
}
],
"datePublic": "2022-04-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cookie without HTTPONLY flag set. NUMBER cookie(s) was set without Secure or HTTPOnly flags. The images show the cookie with the missing flag. (WebUI)"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-614",
"description": "CWE-614 Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-09T20:15:11",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0097778"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL BigFix WebUI Cookie missing attributes",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"DATE_PUBLIC": "2022-04-07T00:00:00.000Z",
"ID": "CVE-2021-27764",
"STATE": "PUBLIC",
"TITLE": "HCL BigFix WebUI Cookie missing attributes"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL BigFix WebUI",
"version": {
"version_data": [
{
"version_value": "9.0, 10.0"
}
]
}
}
]
},
"vendor_name": "HCL Software"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cookie without HTTPONLY flag set. NUMBER cookie(s) was set without Secure or HTTPOnly flags. The images show the cookie with the missing flag. (WebUI)"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-614 Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0097778",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0097778"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2021-27764",
"datePublished": "2022-05-06T18:10:35.347152Z",
"dateReserved": "2021-02-26T00:00:00",
"dateUpdated": "2024-09-16T19:09:03.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-35236 (GCVE-0-2021-35236)
Vulnerability from cvelistv5
Published
2021-10-27 00:57
Modified
2024-09-16 21:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Summary
The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. The Secure attribute tells the browser to only send the cookie if the request is being sent over a secure channel such as HTTPS. This will help protect the cookie from being passed over unencrypted requests. If the application can be accessed over both HTTP, there is a potential for the cookie can be sent in clear text.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | Kiwi Syslog Server |
Version: 9.7.2 and Previous Versions < 9.8 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:33:51.218Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://documentation.solarwinds.com/en/success_center/kss/content/release_notes/kss_9-8_release_notes.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35236"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kiwi Syslog Server",
"vendor": "SolarWinds",
"versions": [
{
"lessThan": "9.8",
"status": "affected",
"version": "9.7.2 and Previous Versions",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-10-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. The Secure attribute tells the browser to only send the cookie if the request is being sent over a secure channel such as HTTPS. This will help protect the cookie from being passed over unencrypted requests. If the application can be accessed over both HTTP, there is a potential for the cookie can be sent in clear text."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-614",
"description": "CWE-614 Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-27T00:57:02",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://documentation.solarwinds.com/en/success_center/kss/content/release_notes/kss_9-8_release_notes.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35236"
}
],
"solutions": [
{
"lang": "en",
"value": "SolarWinds advises Kiwi Syslog Server customers to upgrade to the latest version (9.8) once it becomes generally available."
}
],
"source": {
"defect": [
"CVE-2021-35236"
],
"discovery": "UNKNOWN"
},
"title": "Missing Secure Flag From SSL Cookie",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@solarwinds.com",
"DATE_PUBLIC": "2021-10-14T14:48:00.000Z",
"ID": "CVE-2021-35236",
"STATE": "PUBLIC",
"TITLE": "Missing Secure Flag From SSL Cookie"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kiwi Syslog Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "9.7.2 and Previous Versions",
"version_value": "9.8"
}
]
}
}
]
},
"vendor_name": "SolarWinds"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. The Secure attribute tells the browser to only send the cookie if the request is being sent over a secure channel such as HTTPS. This will help protect the cookie from being passed over unencrypted requests. If the application can be accessed over both HTTP, there is a potential for the cookie can be sent in clear text."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-614 Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://documentation.solarwinds.com/en/success_center/kss/content/release_notes/kss_9-8_release_notes.htm",
"refsource": "MISC",
"url": "https://documentation.solarwinds.com/en/success_center/kss/content/release_notes/kss_9-8_release_notes.htm"
},
{
"name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35236",
"refsource": "MISC",
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35236"
}
]
},
"solution": [
{
"lang": "en",
"value": "SolarWinds advises Kiwi Syslog Server customers to upgrade to the latest version (9.8) once it becomes generally available."
}
],
"source": {
"defect": [
"CVE-2021-35236"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2021-35236",
"datePublished": "2021-10-27T00:57:02.178772Z",
"dateReserved": "2021-06-22T00:00:00",
"dateUpdated": "2024-09-16T21:56:34.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3882 (GCVE-0-2021-3882)
Vulnerability from cvelistv5
Published
2021-10-14 08:20
Modified
2024-08-03 17:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Summary
LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an unencrypted connection (HTTP), an attacker may be able to obtain the authentication data by capturing network traffic. LedgerSMB 1.8 and newer switched from Basic authentication to using cookie authentication with encrypted cookies. Although an attacker can't access the information inside the cookie, nor the password of the user, possession of the cookie is enough to access the application as the user from which the cookie has been obtained. In order for the attacker to obtain the cookie, first of all the server must be configured to respond to unencrypted requests, the attacker must be suitably positioned to eavesdrop on the network traffic between the client and the server *and* the user must be tricked into using unencrypted HTTP traffic. Proper audit control and separation of duties limit Integrity impact of the attack vector. Users of LedgerSMB 1.8 are urged to upgrade to known-fixed versions. Users of LedgerSMB 1.7 or 1.9 are unaffected by this vulnerability and don't need to take action. As a workaround, users may configure their Apache or Nginx reverse proxy to add the Secure attribute at the network boundary instead of relying on LedgerSMB. For Apache, please refer to the 'Header always edit' configuration command in the mod_headers module. For Nginx, please refer to the 'proxy_cookie_flags' configuration command.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ledgersmb | ledgersmb/ledgersmb |
Version: 1.8.0 < unspecified Version: unspecified < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.825Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/7061d97a-98a5-495a-8ba0-3a4c66091e9d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ledgersmb/ledgersmb/commit/c242f5a2abf4b99b0da205473cbba034f306bfe2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ledgersmb.org/cve-2021-3882-sensitive-non-secure-cookie"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ledgersmb/ledgersmb",
"vendor": "ledgersmb",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "1.8.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.8.21",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LedgerSMB does not set the \u0027Secure\u0027 attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an unencrypted connection (HTTP), an attacker may be able to obtain the authentication data by capturing network traffic. LedgerSMB 1.8 and newer switched from Basic authentication to using cookie authentication with encrypted cookies. Although an attacker can\u0027t access the information inside the cookie, nor the password of the user, possession of the cookie is enough to access the application as the user from which the cookie has been obtained. In order for the attacker to obtain the cookie, first of all the server must be configured to respond to unencrypted requests, the attacker must be suitably positioned to eavesdrop on the network traffic between the client and the server *and* the user must be tricked into using unencrypted HTTP traffic. Proper audit control and separation of duties limit Integrity impact of the attack vector. Users of LedgerSMB 1.8 are urged to upgrade to known-fixed versions. Users of LedgerSMB 1.7 or 1.9 are unaffected by this vulnerability and don\u0027t need to take action. As a workaround, users may configure their Apache or Nginx reverse proxy to add the Secure attribute at the network boundary instead of relying on LedgerSMB. For Apache, please refer to the \u0027Header always edit\u0027 configuration command in the mod_headers module. For Nginx, please refer to the \u0027proxy_cookie_flags\u0027 configuration command."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-614",
"description": "CWE-614 Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-14T08:20:11",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/7061d97a-98a5-495a-8ba0-3a4c66091e9d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ledgersmb/ledgersmb/commit/c242f5a2abf4b99b0da205473cbba034f306bfe2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ledgersmb.org/cve-2021-3882-sensitive-non-secure-cookie"
}
],
"source": {
"advisory": "7061d97a-98a5-495a-8ba0-3a4c66091e9d",
"discovery": "EXTERNAL"
},
"title": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute in ledgersmb/ledgersmb",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-3882",
"STATE": "PUBLIC",
"TITLE": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute in ledgersmb/ledgersmb"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ledgersmb/ledgersmb",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "1.8.0"
},
{
"version_affected": "\u003c=",
"version_value": "1.8.21"
}
]
}
}
]
},
"vendor_name": "ledgersmb"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LedgerSMB does not set the \u0027Secure\u0027 attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an unencrypted connection (HTTP), an attacker may be able to obtain the authentication data by capturing network traffic. LedgerSMB 1.8 and newer switched from Basic authentication to using cookie authentication with encrypted cookies. Although an attacker can\u0027t access the information inside the cookie, nor the password of the user, possession of the cookie is enough to access the application as the user from which the cookie has been obtained. In order for the attacker to obtain the cookie, first of all the server must be configured to respond to unencrypted requests, the attacker must be suitably positioned to eavesdrop on the network traffic between the client and the server *and* the user must be tricked into using unencrypted HTTP traffic. Proper audit control and separation of duties limit Integrity impact of the attack vector. Users of LedgerSMB 1.8 are urged to upgrade to known-fixed versions. Users of LedgerSMB 1.7 or 1.9 are unaffected by this vulnerability and don\u0027t need to take action. As a workaround, users may configure their Apache or Nginx reverse proxy to add the Secure attribute at the network boundary instead of relying on LedgerSMB. For Apache, please refer to the \u0027Header always edit\u0027 configuration command in the mod_headers module. For Nginx, please refer to the \u0027proxy_cookie_flags\u0027 configuration command."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-614 Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/7061d97a-98a5-495a-8ba0-3a4c66091e9d",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/7061d97a-98a5-495a-8ba0-3a4c66091e9d"
},
{
"name": "https://github.com/ledgersmb/ledgersmb/commit/c242f5a2abf4b99b0da205473cbba034f306bfe2",
"refsource": "MISC",
"url": "https://github.com/ledgersmb/ledgersmb/commit/c242f5a2abf4b99b0da205473cbba034f306bfe2"
},
{
"name": "https://ledgersmb.org/cve-2021-3882-sensitive-non-secure-cookie",
"refsource": "MISC",
"url": "https://ledgersmb.org/cve-2021-3882-sensitive-non-secure-cookie"
}
]
},
"source": {
"advisory": "7061d97a-98a5-495a-8ba0-3a4c66091e9d",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-3882",
"datePublished": "2021-10-14T08:20:11",
"dateReserved": "2021-10-12T00:00:00",
"dateUpdated": "2024-08-03T17:09:09.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21940 (GCVE-0-2022-21940)
Vulnerability from cvelistv5
Published
2023-02-09 20:54
Modified
2025-03-24 18:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Summary
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Johnson Controls | System Configuration Tool (SCT) |
Version: 14 < 14.2.3 Version: 15 < 15.0.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:00:53.815Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-03"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21940",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-24T18:12:06.969930Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T18:12:16.046Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "System Configuration Tool (SCT)",
"vendor": "Johnson Controls",
"versions": [
{
"lessThan": "14.2.3",
"status": "affected",
"version": "14",
"versionType": "custom"
},
{
"lessThan": "15.0.3",
"status": "affected",
"version": "15",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-02-09T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie."
}
],
"value": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie."
}
],
"impacts": [
{
"capecId": "CAPEC-212",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-212 Functionality Misuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-614",
"description": "CWE-614: Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-09T20:54:02.226Z",
"orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"shortName": "jci"
},
"references": [
{
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-03"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update SCT version 14 with patch 14.2.3"
}
],
"value": "Update SCT version 14 with patch 14.2.3"
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update SCT version 15 with patch 15.0.3\u003cbr\u003e"
}
],
"value": "Update SCT version 15 with patch 15.0.3\n"
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Contact your local Johnson Controls office or Authorized Building Control Specialists (ABCS)."
}
],
"value": "Contact your local Johnson Controls office or Authorized Building Control Specialists (ABCS)."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute in System Configuration Tool (SCT)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"assignerShortName": "jci",
"cveId": "CVE-2022-21940",
"datePublished": "2023-02-09T20:54:02.226Z",
"dateReserved": "2021-12-15T20:21:18.771Z",
"dateUpdated": "2025-03-24T18:12:16.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24045 (GCVE-0-2022-24045)
Vulnerability from cvelistv5
Published
2022-05-10 09:46
Modified
2024-08-03 03:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Summary
A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The application, after a successful login, sets the session cookie on the browser via client-side JavaScript code, without applying any security attributes (such as “Secure”, “HttpOnly”, or “SameSite”). Any attempts to browse the application via unencrypted HTTP protocol would lead to the transmission of all his/her session cookies in plaintext through the network. An attacker could then be able to sniff the network and capture sensitive information.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Siemens | Desigo DXR2 |
Version: All versions < V01.21.142.5-22 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.659Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Desigo DXR2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V01.21.142.5-22"
}
]
},
{
"product": "Desigo PXC3",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V01.21.142.4-18"
}
]
},
{
"product": "Desigo PXC4",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V02.20.142.10-10884"
}
]
},
{
"product": "Desigo PXC5",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V02.20.142.10-10884"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Desigo DXR2 (All versions \u003c V01.21.142.5-22), Desigo PXC3 (All versions \u003c V01.21.142.4-18), Desigo PXC4 (All versions \u003c V02.20.142.10-10884), Desigo PXC5 (All versions \u003c V02.20.142.10-10884). The application, after a successful login, sets the session cookie on the browser via client-side JavaScript code, without applying any security attributes (such as \u201cSecure\u201d, \u201cHttpOnly\u201d, or \u201cSameSite\u201d). Any attempts to browse the application via unencrypted HTTP protocol would lead to the transmission of all his/her session cookies in plaintext through the network. An attacker could then be able to sniff the network and capture sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-614",
"description": "CWE-614: Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T09:21:35",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-24045",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Desigo DXR2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V01.21.142.5-22"
}
]
}
},
{
"product_name": "Desigo PXC3",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V01.21.142.4-18"
}
]
}
},
{
"product_name": "Desigo PXC4",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V02.20.142.10-10884"
}
]
}
},
{
"product_name": "Desigo PXC5",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V02.20.142.10-10884"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Desigo DXR2 (All versions \u003c V01.21.142.5-22), Desigo PXC3 (All versions \u003c V01.21.142.4-18), Desigo PXC4 (All versions \u003c V02.20.142.10-10884), Desigo PXC5 (All versions \u003c V02.20.142.10-10884). The application, after a successful login, sets the session cookie on the browser via client-side JavaScript code, without applying any security attributes (such as \u201cSecure\u201d, \u201cHttpOnly\u201d, or \u201cSameSite\u201d). Any attempts to browse the application via unencrypted HTTP protocol would lead to the transmission of all his/her session cookies in plaintext through the network. An attacker could then be able to sniff the network and capture sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-614: Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-24045",
"datePublished": "2022-05-10T09:46:56",
"dateReserved": "2022-01-27T00:00:00",
"dateUpdated": "2024-08-03T03:59:23.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Implementation
Description:
- Always set the secure attribute when the cookie should sent via HTTPS only.
CAPEC-102: Session Sidejacking
Session sidejacking takes advantage of an unencrypted communication channel between a victim and target system. The attacker sniffs traffic on a network looking for session tokens in unencrypted traffic. Once a session token is captured, the attacker performs malicious actions by using the stolen token with the targeted application to impersonate the victim. This attack is a specific method of session hijacking, which is exploiting a valid session token to gain unauthorized access to a target system or information. Other methods to perform a session hijacking are session fixation, cross-site scripting, or compromising a user or server machine and stealing the session token.