Description
The product stores sensitive information in cleartext in a cookie.
Extended Description
Attackers can use widely-available tools to view the cookie and read the sensitive information. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.
CVE vulnerabilities with CWE-315 (8)
9.3
CVSS
CRITICAL
CVE-2024-8644
pub. 2024-09-27
9.1
CVSS
CRITICAL
CVE-2026-25818
pub. 2026-03-13
8.1
CVSS
HIGH
CVE-2024-41290
pub. 2024-10-02
7.5
CVSS
HIGH
CVE-2018-19941
pub. 2020-12-31
6.5
CVSS
MEDIUM
CVE-2024-24768
pub. 2024-02-05
5.5
CVSS
MEDIUM
CVE-2021-34564
pub. 2021-08-31
2.9
CVSS
LOW
CVE-2025-8528
pub. 2025-08-04
2.3
CVSS
LOW
CVE-2025-4537
pub. 2025-05-11