How severe is CVE-2022-21939?

CVE-2022-21939 has a CVSS v3 score of 7.5 (HIGH).

CVE-2022-21939

Name: metasys_system_configuration_tool
Author: johnsoncontrols

7.5HIGH

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.

Publicado: 2/9/2023Actualizado: 11/21/2024

Descripción

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.

Análisis IAImpulsado por IA

Productos Afectados

johnsoncontrolsmetasys_system_configuration_tool

Referencias

https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-03
Third Party AdvisoryUS Government ResourceVDB Entry
https://www.johnsoncontrols.com/cyber-solutions/security-advisories
Vendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-03
Third Party AdvisoryUS Government ResourceVDB Entry
https://www.johnsoncontrols.com/cyber-solutions/security-advisories
Vendor Advisory