CVE-2020-14248 — MEDIUM (5.3)

Q: How severe is CVE-2020-14248?

CVE-2020-14248 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-14248?

Check the references section above for vendor advisories and patch information. Affected products include: Hcltech Bigfix Platform.

Vulnerability Description

BigFix Inventory up to v10.0.2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Hcltech	Bigfix Platform	>= 9.0.0, <= 10.0.2

Related Weaknesses (CWE)

CWE-319

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085735MitigationVendor Advisory
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085735MitigationVendor Advisory

FAQ

What is CVE-2020-14248?

CVE-2020-14248 is a vulnerability with a CVSS score of 5.3 (MEDIUM). BigFix Inventory up to v10.0.2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers t...

How severe is CVE-2020-14248?

CVE-2020-14248 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-14248?

Check the references section above for vendor advisories and patch information. Affected products include: Hcltech Bigfix Platform.