#VU97987 Sensitive cookie with improper SameSite attribute in RAID Web Console 3 - CVE-2023-4329

 

Published: October 3, 2024


Vulnerability identifier: #VU97987
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-4329
CWE-ID: CWE-1275
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
RAID Web Console 3
Software vendor:
Intel

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists because the web interface does not set the SameSite attribute for the SESSIONID cookie. A remote attacker able to perform an XSS attack can obtain the session identifier of another user.
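
A defender-side check for the condition described above, as an added example (not code from the vendor or from this advisory): it parses Set-Cookie header values and reports when the SESSIONID cookie is issued without a usable SameSite attribute. The function names are hypothetical and the sample header values are constructed.

```python
# Added example: flag session cookies whose Set-Cookie header lacks SameSite.
SESSION_COOKIE_NAMES = {"SESSIONID"}  # cookie name taken from the advisory
VALID_SAMESITE = {"strict", "lax", "none"}


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (cookie_name, {attribute: value})."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            # Attribute names are case-insensitive, so normalise them.
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_set_cookie(header_value):
    """Return SameSite findings for one Set-Cookie value ([] if none)."""
    name, attrs = parse_set_cookie(header_value)
    if name not in SESSION_COOKIE_NAMES:
        return []  # only the session cookie is in scope here
    samesite = attrs.get("samesite")
    if samesite is None:
        return ["SameSite attribute not set"]
    if samesite.lower() not in VALID_SAMESITE:
        return ["SameSite value not recognised: " + samesite]
    if samesite.lower() == "none":
        findings = ["SameSite=None: cookie is sent on cross-site requests"]
        if "secure" not in attrs:
            findings.append("SameSite=None without Secure")
        return findings
    return []


# Constructed sample Set-Cookie values (not captured from the product).
SAMPLES = [
    "SESSIONID=abc123; Path=/; HttpOnly",
    "SESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Strict",
    "SESSIONID=abc123; Path=/; samesite=None",
    "theme=dark; Path=/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", audit_set_cookie(sample) or "ok")
```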


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
