How severe is CVE-2022-21939?

CVE-2022-21939 has a CVSS v3 score of 7.5 (HIGH).

CVE-2022-21939

Name: metasys_system_configuration_tool
Author: johnsoncontrols

7.5HIGH

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.

Опубликовано: 2/9/2023Обновлено: 11/21/2024

Описание

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.

ИИ-АнализНа базе ИИ

Затронутые продукты

johnsoncontrolsmetasys_system_configuration_tool

Ссылки

https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-03
Third Party AdvisoryUS Government ResourceVDB Entry
https://www.johnsoncontrols.com/cyber-solutions/security-advisories
Vendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-03
Third Party AdvisoryUS Government ResourceVDB Entry
https://www.johnsoncontrols.com/cyber-solutions/security-advisories
Vendor Advisory