Insecure Cookie Handling in Johnson Controls System Configuration Tool (SCT) Versions 14 and 15

Insecure Cookie Handling in Johnson Controls System Configuration Tool (SCT) Versions 14 and 15

CVE-2022-21940 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.

Learn more about our Web Application Penetration Testing UK.