7.5
CVE-2022-43845
- EPSS 0.12%
- Veröffentlicht 25.09.2024 01:15:32
- Zuletzt bearbeitet 30.09.2024 15:53:01
- Quelle psirt@us.ibm.com
- Teams Watchlist Login
- Unerledigt Login
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Aspera Console Version >= 3.4.0 < 3.4.5
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
Typ | Quelle | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.12% | 0.313 |
Quelle | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
psirt@us.ibm.com | 3.7 | 2.2 | 1.4 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-1004 Sensitive Cookie Without 'HttpOnly' Flag
The product uses a cookie to store sensitive information, but the cookie is not marked with the HttpOnly flag.
CWE-732 Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.