CVE Vulnerabilities

CVE-2021-27463

Use of Persistent Cookies Containing Sensitive Information

Published: May 20, 2021 | Modified: May 28, 2021
CVSS 3.x
5.3
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive information.

Weakness

The web application uses persistent cookies, but the cookies contain sensitive information.

Affected Software

Name Vendor Start Version End Version
X-stream_enhanced_xegp_firmware Emerson * *

Potential Mitigations

References