CWE-614

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

Parent: CWE-319 - Cleartext Transmission of Sensitive Information

The Secure attribute for sensitive cookies in HTTPS sessions is not set.

58 vulnerabilities with CWE-614
CVE-2024-55897 MEDIUM
IBM PowerHA SystemMirror for i <7.4-7.5 - Open Redirect
CVSS 4.3
CVE-2024-30142 LOW
HCL BigFix Compliance - Info Disclosure
CVSS 3.8
CVE-2024-47833 MEDIUM
Taipy < 4.0.0 - Cleartext Transmission of Sensitive Information via Session Cookies
CVSS 6.5
CVE-2024-43180 MEDIUM
IBM Concert 1.0 - Cleartext Transmission of Sensitive Information
CVSS 4.3
CVE-2024-41684 MEDIUM
SyroTech SY-GPON-1110-WDONT Router - Info Disclosure
CVSS 5.3
CVE-2024-39734 MEDIUM
IBM Datacap Navigator <9.1.10 - Open Redirect
CVSS 4.3
CVE-2024-35211 MEDIUM
SINEC Traffic Analyzer <V1.2 - Info Disclosure
CVSS 5.5
CVE-2024-2493 HIGH
Hitachi Ops Center Analyzer <11.0.1 - Info Disclosure
CVSS 7.5
CVE-2024-0349 LOW
SourceCodester Engineers Online Portal 1.0 - Info Disclosure
CVSS 3.7
CVE-2023-33860 MEDIUM
IBM Security QRadar EDR 3.12 - Open Redirect
CVSS 5.3
CVE-2023-46179 MEDIUM
IBM Sterling Secure Proxy <6.1.0 - Open Redirect
CVSS 4.3
CVE-2023-42016 MEDIUM
IBM Sterling B2B Integrator 6.0.0.0-6.0.3.8 & 6.1.0.0-6.1.2.3 Cleartext Session Cookie Transmission
CVSS 4.3
CVE-2023-5035 LOW
Moxa EDS-G503 Firmware < 5.2 - Cleartext Transmission of Sensitive Information via Unsecured Cookie Attribute
CVSS 3.1
CVE-2023-5866 MEDIUM
thorsten/phpmyfaq <3.2.1 - Info Disclosure
CVSS 5.7
CVE-2023-4654 LOW
instantsoft/icms2 <2.16.1 - Info Disclosure
CVSS 3.5
CVE-2023-3520 MEDIUM
GitHub openitcockpit <4.6.6 - Info Disclosure
CVSS 4.6
CVE-2023-0055 MEDIUM
pyload <0.5.0b3.dev32 - Info Disclosure
CVSS 5.3
CVE-2022-21940 HIGH
Johnson Controls SCT <14.2.3, 15.0.3 - Info Disclosure
CVSS 7.5
CVE-2022-4683 MEDIUM
GitHub usememos/memos <0.9.0 - Info Disclosure
CVSS 6.5
CVE-2022-4409 HIGH
thorsten/phpmyfaq <3.1.9 - Info Disclosure
CVSS 7.5
CVE-2022-3251 MEDIUM
GitHub ikus060/minarca <4.2.2 - Info Disclosure
CVSS 5.3
CVE-2022-3250 MEDIUM
GitHub rdiffweb <2.4.6 - Info Disclosure
CVSS 5.3
CVE-2022-3174 HIGH
GitHub ikus060/rdiffweb <2.4.2 - Info Disclosure
CVSS 7.5
CVE-2022-25151 HIGH
ITarian Service Desk < 6.35.37347.20040 - Sensitive Cookie Exposure via Missing Secure and HttpOnly Flags
CVSS 7.5
CVE-2022-24045 MEDIUM
Desigo DXR2 < V01.21.142.5-22 - Info Disclosure
CVSS 6.5