CVE-2019-8283

Hasplm cookie in Gemalto Admin Control Center, all versions prior to 7.92, does not have 'HttpOnly' flag. This allows malicious javascript to steal it.
Configurations

Configuration 1 (hide)

cpe:2.3:a:gemalto:sentinel_ldk:*:*:*:*:*:*:*:*

History

21 Nov 2024, 04:49

Type Values Removed Values Added
References () https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/06/05/klcert-19-030-hasplm-cookie-without-httponly-attribute/ - Third Party Advisory () https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/06/05/klcert-19-030-hasplm-cookie-without-httponly-attribute/ - Third Party Advisory

14 Sep 2021, 12:18

Type Values Removed Values Added
CWE CWE-200 CWE-732

Information

Published : 2019-06-07 15:29

Updated : 2024-11-21 04:49


NVD link : CVE-2019-8283

Mitre link : CVE-2019-8283

CVE.ORG link : CVE-2019-8283


JSON object : View

Products Affected

gemalto

  • sentinel_ldk
CWE
CWE-1004

Sensitive Cookie Without 'HttpOnly' Flag

CWE-732

Incorrect Permission Assignment for Critical Resource