Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for sentinel_ldk by gemalto

    CVE-2019-8283 (GCVE-0-2019-8283)

    Vulnerability from nvd – Published: 2019-06-07 14:18 – Updated: 2024-08-04 21:17
    VLAI
    Summary
    Hasplm cookie in Gemalto Admin Control Center, all versions prior to 7.92, does not have 'HttpOnly' flag. This allows malicious javascript to steal it.
    Severity
    No CVSS data available.
    CWE
    • CWE-1004 - Sensitive Cookie Without 'HttpOnly' Flag
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Sentinel LDK RTE Affected: 7.91
    Date Public
    2019-06-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T21:17:30.496Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/06/05/klcert-19-030-hasplm-cookie-without-httponly-attribute/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Sentinel LDK RTE",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.91"
                }
              ]
            }
          ],
          "datePublic": "2019-06-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Hasplm cookie in Gemalto Admin Control Center, all versions prior to 7.92, does not have \u0027HttpOnly\u0027 flag. This allows malicious javascript to steal it."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1004",
                  "description": "CWE-1004: Sensitive Cookie Without \u0027HttpOnly\u0027 Flag",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-07T14:18:05.000Z",
            "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
            "shortName": "Kaspersky"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/06/05/klcert-19-030-hasplm-cookie-without-httponly-attribute/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnerability@kaspersky.com",
              "ID": "CVE-2019-8283",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Sentinel LDK RTE",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.91"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Hasplm cookie in Gemalto Admin Control Center, all versions prior to 7.92, does not have \u0027HttpOnly\u0027 flag. This allows malicious javascript to steal it."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-1004: Sensitive Cookie Without \u0027HttpOnly\u0027 Flag"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/06/05/klcert-19-030-hasplm-cookie-without-httponly-attribute/",
                  "refsource": "MISC",
                  "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/06/05/klcert-19-030-hasplm-cookie-without-httponly-attribute/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
        "assignerShortName": "Kaspersky",
        "cveId": "CVE-2019-8283",
        "datePublished": "2019-06-07T14:18:05.000Z",
        "dateReserved": "2019-02-12T00:00:00.000Z",
        "dateUpdated": "2024-08-04T21:17:30.496Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-8282 (GCVE-0-2019-8282)

    Vulnerability from nvd – Published: 2019-06-07 14:21 – Updated: 2024-08-04 21:17
    VLAI
    Summary
    Gemalto Admin Control Center, all versions prior to 7.92, uses cleartext HTTP to communicate with www3.safenet-inc.com to obtain language packs. This allows attacker to do man-in-the-middle (MITM) attack and replace original language pack by malicious one.
    Severity
    No CVSS data available.
    CWE
    • CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Sentinel LDK RTE Affected: 7.91
    Date Public
    2019-06-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T21:17:31.269Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/06/05/klcert-19-029-gemalto-admin-control-center-uses-cleartext-communication-with-www3-safenet-inc-com/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Sentinel LDK RTE",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.91"
                }
              ]
            }
          ],
          "datePublic": "2019-06-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Gemalto Admin Control Center, all versions prior to 7.92, uses cleartext HTTP to communicate with www3.safenet-inc.com to obtain language packs. This allows attacker to do man-in-the-middle (MITM) attack and replace original language pack by malicious one."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-300",
                  "description": "CWE-300: Channel Accessible by Non-Endpoint (\u0027Man-in-the-Middle\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-07T14:21:01.000Z",
            "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
            "shortName": "Kaspersky"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/06/05/klcert-19-029-gemalto-admin-control-center-uses-cleartext-communication-with-www3-safenet-inc-com/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnerability@kaspersky.com",
              "ID": "CVE-2019-8282",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Sentinel LDK RTE",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.91"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Gemalto Admin Control Center, all versions prior to 7.92, uses cleartext HTTP to communicate with www3.safenet-inc.com to obtain language packs. This allows attacker to do man-in-the-middle (MITM) attack and replace original language pack by malicious one."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-300: Channel Accessible by Non-Endpoint (\u0027Man-in-the-Middle\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/06/05/klcert-19-029-gemalto-admin-control-center-uses-cleartext-communication-with-www3-safenet-inc-com/",
                  "refsource": "MISC",
                  "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/06/05/klcert-19-029-gemalto-admin-control-center-uses-cleartext-communication-with-www3-safenet-inc-com/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
        "assignerShortName": "Kaspersky",
        "cveId": "CVE-2019-8282",
        "datePublished": "2019-06-07T14:21:01.000Z",
        "dateReserved": "2019-02-12T00:00:00.000Z",
        "dateUpdated": "2024-08-04T21:17:31.269Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-8282 (GCVE-0-2019-8282)

    Vulnerability from cvelistv5 – Published: 2019-06-07 14:21 – Updated: 2024-08-04 21:17
    VLAI
    Summary
    Gemalto Admin Control Center, all versions prior to 7.92, uses cleartext HTTP to communicate with www3.safenet-inc.com to obtain language packs. This allows attacker to do man-in-the-middle (MITM) attack and replace original language pack by malicious one.
    Severity
    No CVSS data available.
    CWE
    • CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Sentinel LDK RTE Affected: 7.91
    Date Public
    2019-06-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T21:17:31.269Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/06/05/klcert-19-029-gemalto-admin-control-center-uses-cleartext-communication-with-www3-safenet-inc-com/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Sentinel LDK RTE",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.91"
                }
              ]
            }
          ],
          "datePublic": "2019-06-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Gemalto Admin Control Center, all versions prior to 7.92, uses cleartext HTTP to communicate with www3.safenet-inc.com to obtain language packs. This allows attacker to do man-in-the-middle (MITM) attack and replace original language pack by malicious one."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-300",
                  "description": "CWE-300: Channel Accessible by Non-Endpoint (\u0027Man-in-the-Middle\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-07T14:21:01.000Z",
            "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
            "shortName": "Kaspersky"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/06/05/klcert-19-029-gemalto-admin-control-center-uses-cleartext-communication-with-www3-safenet-inc-com/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnerability@kaspersky.com",
              "ID": "CVE-2019-8282",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Sentinel LDK RTE",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.91"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Gemalto Admin Control Center, all versions prior to 7.92, uses cleartext HTTP to communicate with www3.safenet-inc.com to obtain language packs. This allows attacker to do man-in-the-middle (MITM) attack and replace original language pack by malicious one."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-300: Channel Accessible by Non-Endpoint (\u0027Man-in-the-Middle\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/06/05/klcert-19-029-gemalto-admin-control-center-uses-cleartext-communication-with-www3-safenet-inc-com/",
                  "refsource": "MISC",
                  "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/06/05/klcert-19-029-gemalto-admin-control-center-uses-cleartext-communication-with-www3-safenet-inc-com/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
        "assignerShortName": "Kaspersky",
        "cveId": "CVE-2019-8282",
        "datePublished": "2019-06-07T14:21:01.000Z",
        "dateReserved": "2019-02-12T00:00:00.000Z",
        "dateUpdated": "2024-08-04T21:17:31.269Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-8283 (GCVE-0-2019-8283)

    Vulnerability from cvelistv5 – Published: 2019-06-07 14:18 – Updated: 2024-08-04 21:17
    VLAI
    Summary
    Hasplm cookie in Gemalto Admin Control Center, all versions prior to 7.92, does not have 'HttpOnly' flag. This allows malicious javascript to steal it.
    Severity
    No CVSS data available.
    CWE
    • CWE-1004 - Sensitive Cookie Without 'HttpOnly' Flag
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Sentinel LDK RTE Affected: 7.91
    Date Public
    2019-06-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T21:17:30.496Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/06/05/klcert-19-030-hasplm-cookie-without-httponly-attribute/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Sentinel LDK RTE",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.91"
                }
              ]
            }
          ],
          "datePublic": "2019-06-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Hasplm cookie in Gemalto Admin Control Center, all versions prior to 7.92, does not have \u0027HttpOnly\u0027 flag. This allows malicious javascript to steal it."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1004",
                  "description": "CWE-1004: Sensitive Cookie Without \u0027HttpOnly\u0027 Flag",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-07T14:18:05.000Z",
            "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
            "shortName": "Kaspersky"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/06/05/klcert-19-030-hasplm-cookie-without-httponly-attribute/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnerability@kaspersky.com",
              "ID": "CVE-2019-8283",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Sentinel LDK RTE",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.91"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Hasplm cookie in Gemalto Admin Control Center, all versions prior to 7.92, does not have \u0027HttpOnly\u0027 flag. This allows malicious javascript to steal it."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-1004: Sensitive Cookie Without \u0027HttpOnly\u0027 Flag"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/06/05/klcert-19-030-hasplm-cookie-without-httponly-attribute/",
                  "refsource": "MISC",
                  "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/06/05/klcert-19-030-hasplm-cookie-without-httponly-attribute/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
        "assignerShortName": "Kaspersky",
        "cveId": "CVE-2019-8283",
        "datePublished": "2019-06-07T14:18:05.000Z",
        "dateReserved": "2019-02-12T00:00:00.000Z",
        "dateUpdated": "2024-08-04T21:17:30.496Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }