CVE-2024-30142

LOW Year: 2024
CVSS v3 Score
3.8
Low
Weakness Type
CWE-614
View all →

Vulnerability Description

HCL BigFix Compliance is affected by a missing secure flag on a cookie. If a secure flag is not set, cookies may be stolen by an attacker using XSS, resulting in unauthorized access or session cookies could be transferred over an unencrypted channel.

Related Vulnerabilities

CVE-2020-27650

LOW
CVSS:3.7(Low)

Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by in...

CWE-6142020

CVE-2022-4683

MEDIUM
CVSS:4.3(Medium)

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository usememos/memos prior to 0.9.0.

CWE-6142022

CVE-2023-3520

MEDIUM
CVSS:4.3(Medium)

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository it-novum/openitcockpit prior to 4.6.6.

CWE-6142023

CVE-2023-42016

MEDIUM
CVSS:4.3(Medium)

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to ...

CWE-6142023

CVE-2023-46179

MEDIUM
CVSS:4.3(Medium)

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a us...

CWE-6142023

CVE-2024-43180

MEDIUM
CVSS:4.3(Medium)

IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this lin...

CWE-6142024