CVE-2024-44575

Published: Sep 11, 2024Modified: Apr 28, 2025

3.7

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.2 / Impact: 1.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

RELY-PCIe v22.2.1 to v23.1.0 does not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session.

Affected (1)

Products: Relyum: Rely Pcie Firmware

Relyum

1 product

Rely Pcie Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Relyum Rely Pcie Firmware	From 22.2.1 to 23.1.0

Running on/with	Platform Versions
Relyum Rely Pcie	All versions

Related CWEs

CWE-732

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (2)

http://system-on-chip.com

Source: cve@mitre.org

Broken Link

https://www.relyum.com/web/support/vulnerability-report/

Source: cve@mitre.org

Broken Link

Timeline

No history available yet.