Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.
References
Link | Resource |
---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-03 | Third Party Advisory US Government Resource VDB Entry |
https://www.johnsoncontrols.com/cyber-solutions/security-advisories | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: jci
Published: 2023-02-09T20:54:02.226Z
Updated:
Reserved: 2021-12-15T20:21:18.771Z
Link: CVE-2022-21940
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-02-09T21:15:11.213
Modified: 2023-06-27T18:19:03.417
Link: CVE-2022-21940
JSON object: View
Redhat Information
No data.