Vulnerability in Itarian Saas Platform / On-premise

CVE-2022-25151

Within the Service Desk module of the ITarian platform (SaaS and on-premise), a remote attacker can obtain sensitive information because the HttpOnly flag is not set. A remote attacker could exploit this vulnerability to gain a…

EPSS: 0.003 (52.4th percentile).

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H.

Frequently asked questions

What is CVE-2022-25151?
CVE-2022-25151 is a high-severity vulnerability in Itarian Saas Platform / On-premise, classified under Sensitive Cookie in HTTPS Session Without 'Secure' Attribute. CVSS score: 7.5/10. Published 2022-06-08.

How severe is CVE-2022-25151?
High severity. CVSS v3 base score is 7.5 out of 10.