Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in System Configuration Tool (SCT)
Vulnerability Description
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
HTTPS会话中未设置’Secure’属性的敏感Cookie
Vulnerability Title
Johnson Controls System Configuration Tool 跨站脚本漏洞
Vulnerability Description
Johnson Controls System Configuration Tool是美国江森自控(Johnson Controls)公司的一个控制器配置工具。用作现场设备控制器逻辑的接口,为编程提供直观的屏幕。 Johnson Controls System Configuration Tool 14.2.3 版本存在安全漏洞。目前尚无此漏洞的相关信息,请随时关注CNNVD或厂商公告。
CVSS Information
N/A
Vulnerability Type
N/A