CVE Vulnerabilities

CVE-2022-43845

Sensitive Cookie Without 'HttpOnly' Flag

Published: Sep 25, 2024 | Modified: Sep 30, 2024
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie.

Weakness

The product uses a cookie to store sensitive information, but the cookie is not marked with the HttpOnly flag.

Affected Software

Name Vendor Start Version End Version
Aspera_console Ibm 3.4.0 (including) 3.4.5 (excluding)

Potential Mitigations

References