CVE-2022-43845
LOWDescription
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| ibm | aspera_console |
| linux | linux_kernel |
| microsoft | windows |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2022-43845? +
How severe is CVE-2022-43845? +
What products are affected by CVE-2022-43845? +
How do I check if I'm vulnerable to CVE-2022-43845? +
Related Vulnerabilities
This vulnerability exists in Digisol DG-GR6821AC Router due to misconfiguration of both Secure and HttpOnly flags on session cookies associated …
This vulnerability exists in the CP Plus Router due to insecure handling of cookie flags used within its web interface. …
An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag.
Budibase is an open-source low-code platform. Prior to version 3.35.10, the budibase:auth cookie containing the JWT session token is set …
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing HTTPOnly flag for the session cookies associated with the router's …
TRUfusion Enterprise through 7.10.4.0 exposes the encrypted COOKIEID as an authentication mechanism for some endpoints such as /trufusionPortal/getProjectList. However, the …