How severe is CVE-2022-24045?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2022-24045?

This is classified as CWE-614, which is a common weakness in software security.

CVE-2022-24045 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The application, after a successful login, sets the session cookie on the browser via client-side JavaScript code, without applying any security attributes (such as “Secure”, “HttpOnly”, or “SameSite”). Any attempts to browse the application via unencrypted HTTP protocol would lead to the transmission of all his/her session cookies in plaintext through the network. An attacker could then be able to sniff the network and capture sensitive information.

Related Vulnerabilities

CVE-2021-27764

MEDIUM

CVSS:6.5(Medium)

Cookie without HTTPONLY flag set. NUMBER cookie(s) was set without Secure or HTTPOnly flags. The images show the cookie with the missing flag. (WebUI)

CWE-6142021

CVE-2024-35211

MEDIUM

CVSS:6.5(Medium)

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server, after a successful login, sets the session cookie on the browser, wit...

CWE-6142024

CVE-2024-47833

MEDIUM

CVSS:6.5(Medium)

Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. In affected versions session cookies are served without Secure a...

CWE-6142024

CVE-2022-4409

MEDIUM

CVSS:6.3(Medium)

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.1.9.

CWE-6142022

CVE-2023-5866

MEDIUM

CVSS:6.3(Medium)

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1.

CWE-6142023

CVE-2025-24390

MEDIUM

CVSS:6.8(Medium)

A vulnerability in OTRS Application Server and reverse proxy settings allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions. This issue affects: * OTRS 7.0...

CWE-6142025