PT-2024-4577 · Unknown · Sinec Traffic Analyzer

Published: 2024-06-11 · Updated: 2024-08-06 · CVE-2024-35211

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: SINEC Traffic Analyzer versions prior to V1.2
Description: A vulnerability has been identified in the affected web server of SINEC Traffic Analyzer. After a successful login, the web server sets the session cookie on the browser without applying security attributes such as Secure, HttpOnly, or SameSite. This issue may allow a remote attacker to gain unauthorized access to protected information.
Recommendations: For versions prior to V1.2, consider applying security attributes to the session cookie, such as setting Secure, HttpOnly, or SameSite, to minimize the risk of exploitation. As a temporary workaround, restrict access to sensitive information and consider implementing additional security measures to protect against unauthorized access.
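
A check for the cookie attributes named above, as an added example that is not part of the advisory or the vendor's code: it parses `Set-Cookie` response headers and reports which of Secure, HttpOnly and SameSite are missing. The cookie name `sessionid` and the sample headers are constructed for illustration.

```python
# Added example: audit Set-Cookie headers for Secure, HttpOnly and SameSite.
REQUIRED = ("secure", "httponly", "samesite")

def parse_set_cookie(value):
    """Split one Set-Cookie header value into (name, {attribute: value})."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name, attrs

def audit_cookie(value):
    """Return (cookie name, list of findings) for one Set-Cookie header value."""
    name, attrs = parse_set_cookie(value)
    findings = [attr for attr in REQUIRED if attr not in attrs]
    if "samesite" in attrs:
        mode = attrs["samesite"].lower()
        if mode == "none":
            findings.append("samesite-none")      # present, but permits cross-site sends
        elif mode not in ("strict", "lax"):
            findings.append("samesite-invalid")   # unrecognised value
    return name, findings

def audit_response(headers):
    """headers: list of (name, value) pairs, since Set-Cookie may repeat.
    Returns {cookie name: findings} for every cookie with at least one finding."""
    report = {}
    for header, value in headers:
        if header.lower() == "set-cookie":
            cookie, findings = audit_cookie(value)
            if findings:
                report[cookie] = findings
    return report

# Constructed sample responses; "sessionid" is a hypothetical cookie name.
SAMPLE_UNPROTECTED = [("Content-Type", "text/html"),
                      ("Set-Cookie", "sessionid=3f9a1c; Path=/")]
SAMPLE_HARDENED = [("Set-Cookie",
                    "sessionid=3f9a1c; Path=/; Secure; HttpOnly; SameSite=Strict")]

if __name__ == "__main__":
    print("unprotected:", audit_response(SAMPLE_UNPROTECTED))
    print("hardened:   ", audit_response(SAMPLE_HARDENED))
```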


Related Identifiers

BDU:2024-05083
CVE-2024-35211

Affected Products

Sinec Traffic Analyzer