CVE-2019-14849: XSS
First published: Thu Dec 12 2019(Updated: )
A vulnerability was found in 3scale before version 2.6, did not set the HTTPOnly attribute on the user session cookie. An attacker could use this to conduct cross site scripting attacks and gain access to unauthorized information.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat 3scale | <2.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-14849?
CVE-2019-14849 is rated as a medium severity vulnerability due to its potential for unauthorized information access.
How do I fix CVE-2019-14849?
To fix CVE-2019-14849, upgrade to 3scale version 2.6 or later where the HTTPOnly attribute is correctly set on user session cookies.
What impacts does CVE-2019-14849 have on my application?
CVE-2019-14849 can lead to cross site scripting attacks, allowing attackers to steal session cookies and access unauthorized information.
Which versions of 3scale are affected by CVE-2019-14849?
CVE-2019-14849 affects all versions of 3scale prior to version 2.6.
Is there a workaround for CVE-2019-14849 if I can't upgrade?
There are no specific workarounds for CVE-2019-14849; upgrading to the patched version is the recommended approach.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/references
- agent/last-modified-date
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/redhat
- canonical/red hat 3scale