PT-2025-9801 · Unknown · Foreseer Reporting
Publicado
2025-03-05
·
Atualizado
2025-03-06
·
CVE-2025-22493
CVSS v3.1
5.6
Média
| Vetor | AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L |
Name of the Vulnerable Software and Affected Versions
Foreseer Reporting Software (FRS) versions prior to 1.5.100
Description
The issue arises from the secure flag not being set and the SameSite attribute being set to Lax in the Foreseer Reporting Software. This could lead to the session cookie being transmitted over unencrypted HTTP connections, posing a security risk.
Recommendations
For versions prior to 1.5.100, update to the latest version of FRS, which is version 1.5.100, to resolve the security issue.
Correção
Cleartext Transmission of Sensitive Information
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Foreseer Reporting