Vulnerability in Hcltech Bigfix_platform

CVE-2020-14248

BigFix Inventory up to v10.0.2 does not set the Secure flag on the session cookie in an HTTPS session, so the cookie can be sent in plain HTTP requests, which makes it easier for remote attackers to capture it.
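
One way to check responses for the condition described above, as an added example that is not part of the original advisory or the vendor's code: it parses Set-Cookie values and reports a session cookie that a client would also attach to plain HTTP requests. The cookie name `SESSIONID` and the sample headers are constructed assumptions, since the page does not name the real cookie.

```python
# Added example: audit Set-Cookie headers for a session cookie lacking Secure.
SESSION_COOKIE = "SESSIONID"  # assumed name; the page does not give the real one

# Constructed Set-Cookie values, as they could appear in responses served over HTTPS.
SAMPLE_HEADERS = [
    "SESSIONID=0f3a9c; Path=/; HttpOnly",          # weak: no Secure attribute
    "SESSIONID=0f3a9c; Path=/; Secure; HttpOnly",  # corrected
    "lang=en; Path=/",                             # not a session cookie
]


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts:
        return "", set()
    name = parts[0].partition("=")[0].strip()
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:]}
    return name, attrs


def sent_over(scheme, attrs):
    """A cookie with Secure is attached only to https requests (RFC 6265);
    without it, the cookie is attached to http requests as well."""
    return scheme == "https" or "secure" not in attrs


def audit(headers, session_cookie=SESSION_COOKIE):
    """Return the Set-Cookie values whose session cookie would also go out over http."""
    findings = []
    for value in headers:
        name, attrs = parse_set_cookie(value)
        if name == session_cookie and sent_over("http", attrs):
            findings.append(value)
    return findings


if __name__ == "__main__":
    for value in audit(SAMPLE_HEADERS):
        print("session cookie set without Secure:", value)
```

Attribute names are compared case-insensitively, so `secure` and `Secure` are treated the same.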

EPSS: 0.007 (46.8th percentile).

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.

Frequently asked questions

What is CVE-2020-14248?
CVE-2020-14248 is a medium-severity vulnerability in Hcltech Bigfix_platform, classified under Cleartext Transmission of Sensitive Information. CVSS score: 5.3/10. Published 2020-12-16.
How severe is CVE-2020-14248?
Medium severity. CVSS v3 base score is 5.3 out of 10.