Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.
References
Link | Resource |
---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-03 | Third Party Advisory US Government Resource VDB Entry |
https://www.johnsoncontrols.com/cyber-solutions/security-advisories | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: jci
Published: 2023-02-09T20:49:17.442Z
Updated:
Reserved: 2021-12-15T20:21:18.770Z
Link: CVE-2022-21939
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-02-09T21:15:11.123
Modified: 2023-06-27T18:19:36.620
Link: CVE-2022-21939
JSON object: View
Redhat Information
No data.