Vulnerability Information
Vulnerability Title
HCL BigFix Compliance is affected by a missing secure flag on a cookie
Vulnerability Description
HCL BigFix Compliance is affected by a missing secure flag on a cookie. If the secure flag is not set, cookies may be stolen by an attacker using XSS, resulting in unauthorized access, or session cookies may be transferred over an unencrypted channel.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
Vulnerability Type
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Vulnerability Title
HCL BigFix Compliance security vulnerability
Vulnerability Description
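HCL BigFix Compliance is a product from the US company HCL that continuously monitors and enforces endpoint security settings to ensure compliance with regulations or organizational security policies. HCL BigFix Compliance v2.0.11 contains a security vulnerability caused by a missing secure flag on a cookie. If the secure flag is not set, an attacker can use cross-site scripting to steal cookies, resulting in unauthorized access, or session cookies may be transmitted over an unencrypted channel.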
CVSS Information
N/A
Vulnerability Type
N/A