Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2022-21940
HistoryFeb 09, 2023 - 9:15 p.m.

CVE-2022-21940

2023-02-0921:15:11
CWE-311
CWE-614
[email protected]
web.nvd.nist.gov
3
cookie
johnson controls
sct
vulnerability
secure attribute

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

35.8%

JSON

Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.

Affected configurations

Nvd
Node
johnsoncontrolsmetasys_system_configuration_toolRange14.014.2.3
OR
johnsoncontrolsmetasys_system_configuration_toolRange15.015.0.3
VendorProductVersionCPE
johnsoncontrolsmetasys_system_configuration_tool*cpe:2.3:a:johnsoncontrols:metasys_system_configuration_tool:*:*:*:*:*:*:*:*

Related

prion 1
cvelist 1
cve 1
ics 1
prion
prion
Design/Logic Flaw
2023-02-09 21:15:00
cvelist
cvelist
CVE-2022-21940 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in System Configuration Tool (SCT)
2023-02-09 20:54:02
cve
cve
CVE-2022-21940
2023-02-09 21:15:11
ics
ics
Johnson Controls System Configuration Tool (SCT)
2023-02-09 12:00:00

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

35.8%

JSON
Related for NVD:CVE-2022-21940
prion1cvelist1cve1ics1