CVE-2023-4228
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Summary
A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Moxa | ioLogik 4000 Series | 1.0 <= 1.6 | affected |
Weaknesses
- CWE-1004: CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.