CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-25151

Within the Service Desk module of the ITarian platform (SAAS and on-premise), a remote attacker can obtain sensitive information, caused by the failure to set the HTTP Only flag. A remote attacker could exploit this vulnerability to gain access to the management interface by using this vulnerability in combination with a successful Cross-Site Scripting attack on a user.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 54.4%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

https://csirt.divd.nl/CVE-2022-25151
https://csirt.divd.nl/DIVD-2021-00037
https://csirt.divd.nl/CVE-2022-25151
https://csirt.divd.nl/DIVD-2021-00037

Products affected by CVE-2022-25151

Itarian » On-Premise » Version: Any

cpe:2.3:a:itarian:on-premise:*
Itarian » Saas Service Desk » Version: N/A

cpe:2.3:a:itarian:saas_service_desk:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-25151

Products

Pricing

Contact Us