CVE-2022-21940

MEDIUM Year: 2022
CVSS v3 Score
6.1
Medium
Weakness Type
CWE-614
View all →

Vulnerability Description

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.

Related Vulnerabilities

CVE-2021-3882

MEDIUM
CVSS:5.9(Medium)

LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an unencrypte...

CWE-6142021

CVE-2022-4409

MEDIUM
CVSS:6.3(Medium)

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.1.9.

CWE-6142022

CVE-2023-5866

MEDIUM
CVSS:6.3(Medium)

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1.

CWE-6142023

CVE-2021-27764

MEDIUM
CVSS:6.5(Medium)

Cookie without HTTPONLY flag set. NUMBER cookie(s) was set without Secure or HTTPOnly flags. The images show the cookie with the missing flag. (WebUI)

CWE-6142021

CVE-2022-24045

MEDIUM
CVSS:6.5(Medium)

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All ve...

CWE-6142022

CVE-2024-35211

MEDIUM
CVSS:6.5(Medium)

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server, after a successful login, sets the session cookie on the browser, wit...

CWE-6142024