How severe is CVE-2022-21939?

CVE-2022-21939 has a CVSS v3 score of 7.5 (HIGH).

CVE-2022-21939

Name: metasys_system_configuration_tool
Author: johnsoncontrols

7.5HIGH

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.

发布于: 2/9/2023更新于: 11/21/2024

描述

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.

AI分析AI驱动

受影响产品

johnsoncontrolsmetasys_system_configuration_tool

参考资料

https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-03
Third Party AdvisoryUS Government ResourceVDB Entry
https://www.johnsoncontrols.com/cyber-solutions/security-advisories
Vendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-03
Third Party AdvisoryUS Government ResourceVDB Entry
https://www.johnsoncontrols.com/cyber-solutions/security-advisories
Vendor Advisory