CVE-2022-25151
moderate-risk
Published 2022-06-09
Within the Service Desk module of the ITarian platform (SaaS and on-premise), a remote attacker can obtain sensitive information because the application issues cookies without the HttpOnly flag. A cookie that lacks HttpOnly is readable from client-side script through document.cookie, so an attacker who can also carry out a successful Cross-Site Scripting attack against a user can read that user's cookie and use it to gain access to the management interface. On its own the missing flag discloses nothing; it is the combination with XSS that turns it into session theft.
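The weakness described above is a cookie attribute, so the practical check is to audit the Set-Cookie headers an instance returns. The following is an added example and not code from the advisory or from ITarian: it parses Set-Cookie headers, reports cookies missing HttpOnly (and, as a bonus, Secure and SameSite), and shows which cookies injected script would be able to read. The sample headers and cookie names (sd_session, lang) are constructed for illustration.

```javascript
// Added example (not from the advisory or the vendor): audit Set-Cookie
// headers for the HttpOnly flag whose absence CVE-2022-25151 describes.
// The headers below are constructed; cookie names are hypothetical.
const SAMPLE_SET_COOKIE_HEADERS = [
  // Vulnerable pattern: session cookie without HttpOnly, readable by script
  "sd_session=3f9c1b2a7e; Path=/; Secure",
  // Hardened pattern: HttpOnly set, so XSS payloads cannot read it
  "sd_session_fixed=9a8b7c6d5e; Path=/; Secure; HttpOnly; SameSite=Lax",
  // Non-session cookie: missing flags are lower risk but still reported
  "lang=en; Path=/",
];

// Split one Set-Cookie header into its name and a lowercase-keyed attribute map.
// Attributes without a value (Secure, HttpOnly) map to true.
function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim()).filter(Boolean);
  const [nameValue, ...attrs] = parts;
  const eq = nameValue.indexOf("=");
  const name = eq === -1 ? nameValue : nameValue.slice(0, eq);
  const attributes = {};
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    attributes[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return { name, attributes };
}

// Report which hardening attributes a single cookie is missing.
function auditCookie(header) {
  const { name, attributes } = parseSetCookie(header);
  const findings = [];
  if (!("httponly" in attributes)) findings.push("missing HttpOnly");
  if (!("secure" in attributes)) findings.push("missing Secure");
  if (!("samesite" in attributes)) findings.push("missing SameSite");
  return { name, findings };
}

// Audit a list of Set-Cookie headers; only cookies with findings are returned.
function auditHeaders(headers) {
  return headers.map(auditCookie).filter((r) => r.findings.length > 0);
}

// What an XSS payload would see: document.cookie exposes every cookie that
// was set without HttpOnly, and nothing else. Returns the exposed names.
function exposedToScript(headers) {
  return headers
    .map(parseSetCookie)
    .filter((c) => !("httponly" in c.attributes))
    .map((c) => c.name);
}

for (const r of auditHeaders(SAMPLE_SET_COOKIE_HEADERS)) {
  console.log(`${r.name}: ${r.findings.join(", ")}`);
}
console.log("readable via document.cookie:", exposedToScript(SAMPLE_SET_COOKIE_HEADERS).join(", "));
```

To use this against a live instance, collect the Set-Cookie headers from a login response (for example from the browser's network panel or a proxy) and pass them in place of the constructed array. Any cookie that carries the session and shows "missing HttpOnly" is the condition this advisory describes.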
Do I need to act?
EPSS: 0.29% chance of exploitation (low exploit probability)
CISA KEV: not listed; no confirmed active exploitation reported to CISA
Patch status: unknown. Check vendor advisories for fix availability and mitigation guidance.
CVSS 7.5/10 (High); attack vector NETWORK; attack complexity HIGH
Affected Products (2): Service Desk On-Premise; Service Desk SaaS
Affected Vendors: ITarian
References
Third Party Advisory: https://csirt.divd.nl/CVE-2022-25151
Third Party Advisory: https://csirt.divd.nl/DIVD-2021-00037
Risk score: 30/100 (moderate-risk)
Severity: 22/34 (High)
Exploitability: 1/34 (Minimal)
Exposure: 7/34 (Low)