CVE-2020-14248

Published: Dec 16, 2020Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

BigFix Inventory up to v10.0.2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

Affected (1)

Products: Hcltech: Bigfix Platform

Hcltech

1 product

Bigfix Platform

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Hcltech Bigfix Platform	From 9.0.0 to 10.0.2

Related CWEs

CWE-319

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (2)

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085735

Source: psirt@hcl.com

MitigationVendor Advisory

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085735

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

Timeline

No history available yet.