CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

Description

The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session.

Latest vulnerabilities for CWE-614

Insecure cookie configuration in Apache Tomcat 2023-03-22
Low Yes

Sensitive cookie in HTTPS session without 'secure' attribute in IBM CICS TX Advanced 2023-02-24
Low Yes

Multiple vulnerabilities in Johnson Controls System Configuration Tool (SCT) 2023-02-10
Low Yes

Multiple vulnerabilities in IBM CICS TX 2022-11-21
Low No

Multiple vulnerabilities in Rdiffweb 2022-09-26
Medium Yes

Information disclosure in IBM CICS TX Standard 2022-08-01
Low Yes

Multiple vulnerabilities in Siemens Desigo PXC and DXR Devices 2022-05-11
Medium Yes

References

Description of CWE-614 on Mitre website