Medium
CVSS: 4.6
HCL AION is affected by a Cookie with Insecure, Improper, or Missing SameSite vulnerability. This can allow cookies to be sent in cross-site requests, potentially increasing exposure to cross-site request forgery and related security risks…
High
CVSS: 8.5
Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through malicious exploitation. Attackers can trick victims into executing a crafted PHP script that captures and writes session cook…
Low
CVSS: 3.7
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie.
Medium
CVSS: 5.4
HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery (CSRF) attacks, where a malicious site could trick a user's browser into making unintended requests using authentic…
Medium
CVSS: 5.5
HCL SX does not set the secure attribute on authorization tokens or session cookies. Attackers may potentially be able to obtain access to the cookie values via a Cross-Site-Forgery-Request (CSRF).
Medium
CVSS: 4.8
A vulnerability in OTRS Application Server allows session hijacking due to missing attributes for sensitive
cookie settings in HTTPS sessions. A request to an OTRS endpoint from a possible malicious web site, would send the authentication…