Vulnerability Details : CVE-2019-8283
Hasplm cookie in Gemalto Admin Control Center, all versions prior to 7.92, does not have 'HttpOnly' flag. This allows malicious javascript to steal it.
Exploit prediction scoring system (EPSS) score for CVE-2019-8283
Probability of exploitation activity in the next 30 days: 0.16%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 51 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2019-8283
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST |
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2019-8283
-
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.Assigned by: nvd@nist.gov (Primary)
-
The product uses a cookie to store sensitive information, but the cookie is not marked with the HttpOnly flag.Assigned by: vulnerability@kaspersky.com (Secondary)
References for CVE-2019-8283
-
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/06/05/klcert-19-030-hasplm-cookie-without-httponly-attribute/
KLCERT-19-030: Hasplm cookie without HTTPOnly attribute | Kaspersky Lab ICS CERTThird Party Advisory
Products affected by CVE-2019-8283
- cpe:2.3:a:gemalto:sentinel_ldk:*:*:*:*:*:*:*:*