CVE-2022-26157

Severity CVSS v4.0:
Pending analysis
Type:
CWE-311 Missing Encryption of Sensitive Data
Publication date:
28/02/2022
Last modified:
08/08/2023

Description

An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. The ASP.NET_Sessionid cookie is not protected by the Secure flag. This makes it prone to interception by an attacker if traffic is sent over unencrypted channels.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:cherwell:cherwell_service_management:10.2.3:*:*:*:*:*:*:*