Session Cookie Vulnerability in SINEC Traffic Analyzer by Siemens
CVE-2024-35211
6.8MEDIUM
Summary
A session cookie vulnerability has been detected in Siemens' SINEC Traffic Analyzer, where the web server fails to set important security attributes for session cookies after user login. This oversight allows potential attackers to exploit unsecured cookies, posing risks such as session hijacking and unauthorized access. The affected versions of the product are those prior to V1.2, emphasizing the need for immediate attention to enhance security measures.
Affected Version(s)
SINEC Traffic Analyzer 0
References
CVSS V4
Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved