Security Advisory

CVE-2022-26157

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-02-28 15:25:10

Last updated 2024-08-03 04:56:37

Assigner mitre

State PUBLISHED

Description

An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. The ASP.NET_Sessionid cookie is not protected by the Secure flag. This makes it prone to interception by an attacker if traffic is sent over unencrypted channels.

← Browse all CVEs View on cve.org ↗