CVE-2022-43845

High

IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the…

ibm·CWE-1004·Published 2024-09-24

CVSS

7.5

EPSS

0.00

KEV

Exploits

cve.orgen

249 chars

IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie.

NVDen

249 chars

NVDes

269 chars

IBM Aspera Console 3.4.0 a 3.4.4 podría permitir que un atacante remoto obtenga información confidencial, debido a la falla al configurar el indicador HTTPOnly. Un atacante remoto podría aprovechar esta vulnerabilidad para obtener información confidencial de la cookie.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3.1	Primary	cve.org	3.7	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N