Total
32 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4749 | 1 Ibm | 1 Spectrum Scale | 2020-10-20 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 188518. | |||||
| CVE-2019-4688 | 1 Ibm | 2 Guardium Data Encryption, Guardium For Cloud Key Management | 2020-08-27 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 171825. | |||||
| CVE-2018-19224 | 1 Laobancms | 1 Laobancms | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in LAOBANCMS 2.0. /admin/login.php allows spoofing of the id and guanliyuan cookies. | |||||
| CVE-2011-3887 | 2 Apple, Google | 3 Iphone Os, Safari, Chrome | 2020-05-08 | 5.0 MEDIUM | N/A |
| Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors. | |||||
| CVE-2019-4638 | 1 Ibm | 1 Security Secret Server | 2020-01-30 | 4.3 MEDIUM | 3.7 LOW |
| IBM Security Secret Server 10.7 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 170044. | |||||
| CVE-2012-5631 | 1 Freeipa | 1 Freeipa | 2019-12-09 | 6.8 MEDIUM | 8.8 HIGH |
| ipa 3.0 does not properly check server identity before sending credential containing cookies | |||||
| CVE-2019-17104 | 1 Centreon | 1 Centreon Vm | 2019-10-11 | 5.0 MEDIUM | 7.5 HIGH |
| In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set. | |||||
| CVE-2018-20512 | 1 Cdatatec | 22 Epon Cpe-wifi Devices Firmware, Fd108bn, Fd111hz and 19 more | 2019-10-02 | 10.0 HIGH | 9.8 CRITICAL |
| EPON CPE-WiFi devices 2.0.4-X000 are vulnerable to escalation of privileges by sending cooLogin=1, cooUser=admin, and timestamp=-1 cookies. | |||||
| CVE-2018-5190 | 1 Picturespro | 1 Picturespro | 2019-10-02 | 5.0 MEDIUM | 9.8 CRITICAL |
| PicturesPro Photo Cart 6 and 7 before Security-Patch-2018-B allows remote attackers to access arbitrary customer accounts via a modified cookie, related to pc_head.php, pc_login.php, and pc_login_page.php. | |||||
| CVE-2017-8034 | 1 Cloudfoundry | 3 Capi-release, Cf-release, Routing-release | 2019-10-02 | 6.0 MEDIUM | 6.6 MEDIUM |
| The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0, CF-release versions prior to v267) do not validate the issuer on JSON Web Tokens (JWTs) from UAA. With certain multi-zone UAA configurations, zone administrators are able to escalate their privileges. | |||||
| CVE-2017-7279 | 1 Unitrends | 1 Enterprise Backup | 2019-10-02 | 10.0 HIGH | 9.8 CRITICAL |
| An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 web server can escalate to root privileges by modifying the "token" cookie issued at login. | |||||
| CVE-2017-6896 | 1 Digisol | 2 Dg-hr1400 Router, Dg-hr1400 Router Firmware | 2019-10-02 | 6.5 MEDIUM | 8.8 HIGH |
| Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wireless router enables an attacker to escalate from user privilege to admin privilege just by modifying the Base64-encoded session cookie value. | |||||