How severe is CVE-2022-21939?

CVE-2022-21939 has a CVSS v3 score of 7.5 (HIGH).

CVE-2022-21939

Name: metasys_system_configuration_tool
Author: johnsoncontrols

7.5HIGH

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.

公開日: 2/9/2023更新日: 11/21/2024

説明

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.

AI分析AIによる分析

影響を受ける製品

johnsoncontrolsmetasys_system_configuration_tool

参照

https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-03
Third Party AdvisoryUS Government ResourceVDB Entry
https://www.johnsoncontrols.com/cyber-solutions/security-advisories
Vendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-03
Third Party AdvisoryUS Government ResourceVDB Entry
https://www.johnsoncontrols.com/cyber-solutions/security-advisories
Vendor Advisory