PT-2023-12673 · Johnson Controls · Johnson Controls System Configuration Tool
Published 2023-02-09 · Updated 2023-06-27 · CVE-2022-21939
CVSS v3.1: 7.5 High
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Johnson Controls System Configuration Tool (SCT) versions 14 prior to 14.2.3
Johnson Controls System Configuration Tool (SCT) versions 15 prior to 15.0.3
Description
A sensitive cookie is set without the 'HttpOnly' flag, which allows access to that cookie. This could compromise the security of the system.
Recommendations
For Johnson Controls System Configuration Tool (SCT) versions 14 prior to 14.2.3, update to version 14.2.3 or later.
For Johnson Controls System Configuration Tool (SCT) versions 15 prior to 15.0.3, update to version 15.0.3 or later.
Fix
Incorrect Permission
Affected Products
Johnson Controls System Configuration Tool