CVE-2022-21940

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:johnsoncontrols:metasys_system_configuration_tool:*:*:*:*:*:*:*:*
cpe:2.3:a:johnsoncontrols:metasys_system_configuration_tool:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:45

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 6.1
v2 : unknown
v3 : 7.5
References () https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-03 - Third Party Advisory, US Government Resource, VDB Entry () https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-03 - Third Party Advisory, US Government Resource, VDB Entry
References () https://www.johnsoncontrols.com/cyber-solutions/security-advisories - Vendor Advisory () https://www.johnsoncontrols.com/cyber-solutions/security-advisories - Vendor Advisory

27 Jun 2023, 18:19

Type Values Removed Values Added
CWE CWE-79 CWE-311

Information

Published : 2023-02-09 21:15

Updated : 2024-11-21 06:45


NVD link : CVE-2022-21940

Mitre link : CVE-2022-21940

CVE.ORG link : CVE-2022-21940


JSON object : View

Products Affected

johnsoncontrols

  • metasys_system_configuration_tool
CWE
CWE-614

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

CWE-311

Missing Encryption of Sensitive Data