CVE-2019-14849

A vulnerability was found in 3scale before version 2.6, did not set the HTTPOnly attribute on the user session cookie. An attacker could use this to conduct cross site scripting attacks and gain access to unauthorized information.
References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14849 Issue Tracking Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:redhat:3scale:*:*:*:*:*:*:*:*

Information

Published : 2019-12-12 02:15

Updated : 2023-02-12 11:35


NVD link : CVE-2019-14849

Mitre link : CVE-2019-14849

Products Affected
CWE
CWE-201

Insertion of Sensitive Information Into Sent Data