How severe is CVE-2022-21939?

CVE-2022-21939 has a CVSS v3 score of 7.5 (HIGH).

CVE-2022-21939

Name: metasys_system_configuration_tool
Author: johnsoncontrols

7.5HIGH

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.

Veröffentlicht: 2/9/2023Aktualisiert: 11/21/2024

Beschreibung

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.

KI-AnalyseKI-gestützt

Betroffene Produkte

johnsoncontrolsmetasys_system_configuration_tool

Referenzen

https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-03
Third Party AdvisoryUS Government ResourceVDB Entry
https://www.johnsoncontrols.com/cyber-solutions/security-advisories
Vendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-03
Third Party AdvisoryUS Government ResourceVDB Entry
https://www.johnsoncontrols.com/cyber-solutions/security-advisories
Vendor Advisory