CVE-2021-34563

Low

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be…

CERTVDE·CWE-1004·Published 2021-08-31

CVSS

3.3

EPSS

0.00

KEV

Exploits

cve.orgen

176 chars

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be read or set by client-side JavaScript.

NVDen

176 chars

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be read or set by client-side JavaScript.

En PEPPERL+FUCHS WirelessHART-Gateway versiones 3.0.8 y 3.0.9, el atributo HttpOnly no es ajustado en una cookie. Esto permite que el valor de la cookie sea leído o establecido por el JavaScript del lado del cliente

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N
3.1	Primary	cve.org	3.3	—	—	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
3.1	Primary	NVD	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3.1	Primary	cve.org	3.3	—	—	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
3.1	Secondary	NVD	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N