CVE-2022-43845
25.09.2024, 01:15
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie.Enginsight
| Vendor | Product | Version |
|---|---|---|
| ibm | aspera_console | 3.4.0 ≤ 𝑥 < 3.4.5 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-1004 - Sensitive Cookie Without 'HttpOnly' FlagThe software uses a cookie to store sensitive information, but the cookie is not marked with the HttpOnly flag.
- CWE-732 - Incorrect Permission Assignment for Critical ResourceThe product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.