Description

EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text cookies over an insecure channel (HTTP). An attacker may capture the cookie from the insecure channel using MITM attack.

Remediation

References

CVE-2022-38846

Related Vulnerabilities

Envoy Proxy Out-of-bounds Write Vulnerability (CVE-2019-18801)

WordPress Plugin Multivendor Marketplace Solution for WooCommerce-WC Marketplace Cross-Site Request Forgery (3.7.3)

Oracle Database Server CVE-2006-0291 Vulnerability (CVE-2006-0291)

MySQL CVE-2021-2001 Vulnerability (CVE-2021-2001)

OpenSSL Key Management Errors Vulnerability (CVE-2016-7056)

Severity

Medium

Classification

CVE-2022-38846 CWE-319 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities