CVE-2023-4228

MEDIUM Year: 2023
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-1004
View all →

Vulnerability Description

A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation.

Related Vulnerabilities

CVE-2019-25091

MEDIUM
CVSS:5.3(Medium)

A vulnerability classified as problematic has been found in nsupdate.info. This affects an unknown part of the file src/nsupdate/settings/base.py of the component CSRF Cookie Handler. The manipulation...

CWE-10042019

CVE-2021-34563

LOW
CVSS:3.3(Low)

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be read or set by client-side JavaScript.

CWE-10042021

CVE-2022-4630

MEDIUM
CVSS:5.3(Medium)

Sensitive Cookie Without 'HttpOnly' Flag in GitHub repository lirantal/daloradius prior to master.

CWE-10042022

CVE-2023-4217

MEDIUM
CVSS:5.3(Medium)

A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to securit...

CWE-10042023

CVE-2020-27658

MEDIUM
CVSS:6.1(Medium)

Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensi...

CWE-10042020

CVE-2022-21939

MEDIUM
CVSS:6.1(Medium)

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.

CWE-10042022