PT-2019-18964 · Gemalto · Gemalto Admin Control Center

Published

2019-06-07

Updated

2021-09-14

CVE-2019-8283

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Gemalto Admin Control Center versions prior to 7.92

Description The issue concerns the Hasplm cookie, which lacks the 'HttpOnly' flag, allowing malicious javascript to steal it.

Recommendations For versions prior to 7.92, consider setting the 'HttpOnly' flag for the Hasplm cookie to prevent malicious javascript from accessing it.

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732CWE-1004

Related Identifiers

CVE-2019-8283

Affected Products

Gemalto Admin Control Center

PT-2019-18964 · Gemalto · Gemalto Admin Control Center

CVE-2019-8283

Weakness Enumeration

Related Identifiers

Affected Products

References · 3