Hasplm cookie in Gemalto Admin Control Center, all versions prior to 7.92, does not have 'HttpOnly' flag. This allows malicious javascript to steal it.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NGemalto Sentinel Ldk
APPGemalto< 7.92
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Related vulnerabilities
CVE-2019-8282MEDIUM5.3ten sam produkt
Gemalto Admin Control Center, all versions prior to 7.92, uses cleartext HTTP to communicate with www3.safenet...
CVE-2017-11497CRITICAL9.8ten sam vendor
Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.1...
CVE-2017-11496CRITICAL9.8ten sam vendor
Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.1...
CVE-2019-18232HIGH7.8ten sam vendor
SafeNet Sentinel LDK License Manager, all versions prior to 7.101(only Microsoft Windows versions are affected...
CVE-2019-9156HIGH8.0ten sam vendor
Gemalto DS3 Authentication Server 2.6.1-SP01 allows OS Command Injection.