CVE-2022-26157

An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. The ASP.NET_Sessionid cookie is not protected by the Secure flag. This makes it prone to interception by an attacker if traffic is sent over unencrypted channels.
Configurations

Configuration 1

cpe:2.3:a:cherwell:cherwell_service_management:10.2.3:*:*:*:*:*:*:*

Information

Published : 2022-02-28 04:15

Updated : 2022-03-08 06:18


NVD link : CVE-2022-26157

Mitre link : CVE-2022-26157

Products Affected
No products.
CWE