HIGH🇵🇱 Wersja polska

CVE-2022-21939

CVSS 7.5v3.1pub. 2023-02-09upd. 2024-11-21

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Johnsoncontrols Metasys System Configuration Tool

    APP
    Johnsoncontrols
    14.0 – 14.2.3 (bez)15.0 – 15.0.3 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-21940HIGH7.5ten sam produkt

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls System Configur...

CVE-2020-9044HIGH7.5ten sam produkt

XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate D...

CVE-2021-36203MEDIUM5.3ten sam produkt

The affected product may allow an attacker to identify and forge requests to internal systems by way of a spec...

CVE-2024-32758CRITICAL9.0PL ✓ten sam vendor

Niewystarczająca długość klucza kryptograficznego w komunikacji exacqVision

CVE-2023-4804CRITICAL10.0ten sam vendor

An unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed.