4.3
CVE-2025-52608
- EPSS 0.1%
- Veröffentlicht 04.06.2026 11:49:16
- Zuletzt bearbeitet 04.06.2026 18:38:35
- Quelle psirt@hcl.com
- CVE-Watchlists
- Unerledigt
HCL iControl was affected by Missing Cookie Attributes vulnerability.
HCL iControl was affected by Missing Cookie Attributes vulnerability. It was observed that the application is missing several critical cookie attributes, including Secure and SameSite. And also path is set to root.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.01 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
| psirt@hcl.com | 3.1 | 1.6 | 1.4 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
|
CWE-614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
The Secure attribute for sensitive cookies in HTTPS sessions is not set.
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0131061