Total
50 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-4688 | 1 Ibm | 2 Guardium Data Encryption, Guardium For Cloud Key Management | 2020-08-27 | 4.3 Medium |
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 171825. | ||||
CVE-2019-4638 | 1 Ibm | 1 Security Secret Server | 2020-01-30 | 3.7 Low |
IBM Security Secret Server 10.7 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 170044. | ||||
CVE-2012-5631 | 1 Freeipa | 1 Freeipa | 2019-12-09 | 8.8 High |
ipa 3.0 does not properly check server identity before sending credential containing cookies | ||||
CVE-2019-17104 | 1 Centreon | 1 Centreon Vm | 2019-10-11 | 7.5 High |
In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set. | ||||
CVE-2018-5455 | 1 Moxa | 8 Oncell G3110-hspa, Oncell G3110-hspa-t, Oncell G3110-hspa-t Firmware and 5 more | 2019-10-09 | N/A |
A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application allows a cookie parameter to consist of only digits, allowing an attacker to perform a brute force attack bypassing authentication and gaining access to device functions. | ||||
CVE-2018-5190 | 1 Picturespro | 1 Picturespro | 2019-10-03 | N/A |
PicturesPro Photo Cart 6 and 7 before Security-Patch-2018-B allows remote attackers to access arbitrary customer accounts via a modified cookie, related to pc_head.php, pc_login.php, and pc_login_page.php. | ||||
CVE-2017-6896 | 1 Digisol | 2 Dg-hr1400 Router, Dg-hr1400 Router Firmware | 2019-10-03 | N/A |
Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wireless router enables an attacker to escalate from user privilege to admin privilege just by modifying the Base64-encoded session cookie value. | ||||
CVE-2017-7279 | 1 Unitrends | 1 Enterprise Backup | 2019-10-03 | N/A |
An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 web server can escalate to root privileges by modifying the "token" cookie issued at login. | ||||
CVE-2018-20512 | 1 Cdatatec | 22 Epon Cpe-wifi Devices Firmware, Fd108bn, Fd111hz and 19 more | 2019-10-03 | N/A |
EPON CPE-WiFi devices 2.0.4-X000 are vulnerable to escalation of privileges by sending cooLogin=1, cooUser=admin, and timestamp=-1 cookies. | ||||
CVE-2017-8034 | 1 Cloudfoundry | 3 Capi-release, Cf-release, Routing-release | 2019-10-03 | N/A |
The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0, CF-release versions prior to v267) do not validate the issuer on JSON Web Tokens (JWTs) from UAA. With certain multi-zone UAA configurations, zone administrators are able to escalate their privileges. |