CVE Vulnerability

CVE-2019-14849

A vulnerability was found in 3scale before version 2.6, did not set the HTTPOnly attribute on the user session cookie. An attacker could use this to conduct cross site scripting attacks and gain access to unauthorized information.

3.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 6.8 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

5.4 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14849 Issue Tracking Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:redhat:3scale:*:*:*:*:*:*:*:*
Information

Published : 2019-12-12 02:15

Updated : 2023-02-12 11:35

NVD link : CVE-2019-14849

Mitre link : CVE-2019-14849

Products Affected

3scale

Redhat

CWE
CWE-201

Insertion of Sensitive Information Into Sent Data