Lucene search
RedhatCVELIST:CVE-2019-14849HistoryDec 12, 2019 - 1:14 p.m.
CVE-2019-14849
2019-12-1213:14:53
CWE-201
redhat
www.cve.org
3
CVSS3
4.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
EPSS
0.001
Percentile
22.7%
A vulnerability was found in 3scale before version 2.6, did not set the HTTPOnly attribute on the user session cookie. An attacker could use this to conduct cross site scripting attacks and gain access to unauthorized information.
CNA Affected
[
{
"product": "3scale",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
]Related
cve
cve
CVE-2019-14849
2019-12-12 14:15:15
symantec
symantec
prion
prion
Cross site scripting
2019-12-12 14:15:00
redhatcve
redhatcve
CVE-2019-14849
2019-12-11 20:51:03
nvd
nvd
CVE-2019-14849
2019-12-12 14:15:15
redhat
redhat
CVSS3
4.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
EPSS
0.001
Percentile
22.7%
Related for CVELIST:CVE-2019-14849