CVE-2021-40649

Description

In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have the HttpOnly flag set.

References

Product
ExploitThird Party Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

AccessComplexity

LOW

ConfidentialityImpact

PARTIAL

AvailabilityImpact

NONE

IntegrityImpact

PARTIAL

BaseScore

6.400000095367432

VectorString

AV:N/AC:L/Au:N/C:P/I:P/A:N

Version

2.0

AccessVector

NETWORK

Authentication

NONE