Cherwell - Cherwell Service Management CVE

Filtered by vendor Cherwell Subscribe

Filtered by product Cherwell Service Management

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2022-26157	1 Cherwell	1 Cherwell Service Management	2023-08-08	5.0 MEDIUM	5.3 MEDIUM
An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. The ASP.NET_Sessionid cookie is not protected by the Secure flag. This makes it prone to interception by an attacker if traffic is sent over unencrypted channels.

Vulnerabilities (CVE)