Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
EspoCRM Cleartext Transmission of Sensitive Information Vulnerability - CVE-2022-38846 - Vulnerability Database
EspoCRM

EspoCRM Cleartext Transmission of Sensitive Information Vulnerability - CVE-2022-38846

Medium
Reference: CVE-2022-38846
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2022-38846
Title: EspoCRM Cleartext Transmission of Sensitive Information Vulnerability
Overview:

EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text cookies over an insecure channel (HTTP). An attacker may capture the cookie from the insecure channel using MITM attack.