Vulnerabilities (CVE)

Filtered by CWE-614
Total 23 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2023-3520 | 1 It-novum | 1 Openitcockpit | 2024-11-21 | N/A | 4.6 MEDIUM | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository it-novum/openitcockpit prior to 4.6.6. |
| CVE-2024-47833 | 1 Avaiga | 1 Taipy | 2024-10-16 | N/A | 6.5 MEDIUM | Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. In affected versions session cookies are served without Secure and HTTPOnly flags. This issue has been addressed in release version 4.0.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. |
| CVE-2024-43180 | 1 Ibm | 1 Concert | 2024-09-20 | N/A | 4.3 MEDIUM | IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. |