CVE-2022-43845

IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie.
References
Link Resource
https://www.ibm.com/support/pages/node/7169766 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:ibm:aspera_console:*:*:*:*:*:*:*:*
OR cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

30 Sep 2024, 15:40

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 3.7
v2 : unknown
v3 : 7.5
References () https://www.ibm.com/support/pages/node/7169766 - () https://www.ibm.com/support/pages/node/7169766 - Vendor Advisory
CWE CWE-732
CPE cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:a:ibm:aspera_console:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
First Time Ibm
Linux linux Kernel
Ibm aspera Console
Microsoft
Microsoft windows
Linux

26 Sep 2024, 13:32

Type Values Removed Values Added
Summary
  • (es) IBM Aspera Console 3.4.0 a 3.4.4 podría permitir que un atacante remoto obtenga información confidencial, debido a la falla al configurar el indicador HTTPOnly. Un atacante remoto podría aprovechar esta vulnerabilidad para obtener información confidencial de la cookie.

25 Sep 2024, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-25 01:15

Updated : 2024-09-30 15:53


NVD link : CVE-2022-43845

Mitre link : CVE-2022-43845

CVE.ORG link : CVE-2022-43845


JSON object : View

Products Affected

linux

  • linux_kernel

ibm

  • aspera_console

microsoft

  • windows
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource

CWE-1004

Sensitive Cookie Without 'HttpOnly' Flag