CVE-2020-14248

BigFix Inventory up to v10.0.2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

Published: Dec 16, 2020
Updated: Apr 13, 2023
CVE: CVE-2020-14248
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-319

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
hcltech / bigfix_platform	9.0.0	10.0.2.x

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085735

Vulnerability Database

289,697

CVE-2020-14248