Description
Within the Service Desk module of the ITarian platform (SaaS and on-premise), a remote attacker can obtain sensitive information because the session cookie is issued without the HttpOnly flag. Without HttpOnly, client-side script can read the cookie, so a remote attacker who first succeeds in a Cross-Site Scripting attack against a user can steal that user's session and gain access to the management interface.
References (2)
https://csirt.divd.nl/DIVD-2021-00037 (Third Party Advisory, related)
https://csirt.divd.nl/CVE-2022-25151 (Third Party Advisory)
Scores
CVSS v3: 7.5
EPSS: 0.0029
EPSS Percentile: 52.1%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-614, CWE-732
Status: published
Products (2)
itarian/on-premise: < 6.35.37347.20040
itarian/saas_service_desk: < 6.35.37347.20040
Published: Jun 09, 2022
Tracked Since: Feb 18, 2026