CVE-2020-14248

Summary

BigFix Inventory up to v10.0.2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

Affected Software

VendorProductVersion RangeStatus
n/aHCL BigFix Inventoryv9, v10.0.xaffected

Weaknesses

  • Security misconfiguration

ADP Enrichment

CVE Program Container

Additional References

References