CVE-2024-44575
First published: Wed Sep 11 2024(Updated: )
RELY-PCIe v22.2.1 to v23.1.0 does not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Relyum Rely-PCIe | >=22.2.1<=23.1.0 | |
| All of | ||
| Relyum Rely-PCIe | >=22.2.1<=23.1.0 | |
| Relyum Rely-PCIe |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-44575?
CVE-2024-44575 has a medium severity level due to its ability to expose sensitive cookies over insecure connections.
How do I fix CVE-2024-44575?
To fix CVE-2024-44575, update the RELY-PCIe firmware to version 23.1.1 or later to ensure the Secure attribute is set for sensitive cookies.
What impact does CVE-2024-44575 have on users?
CVE-2024-44575 could allow sensitive cookies to be transmitted in cleartext during HTTP sessions, potentially compromising user privacy.
Which versions of RELY-PCIe are affected by CVE-2024-44575?
Versions 22.2.1 to 23.1.0 of RELY-PCIe are affected by CVE-2024-44575.
Is there a workaround for CVE-2024-44575 if I cannot update immediately?
As a temporary workaround for CVE-2024-44575, avoid transmitting sensitive data over HTTP connections until a firmware update can be applied.
- agent/references
- agent/description
- agent/type
- agent/first-publish-date
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/source
- agent/last-modified-date
- agent/event
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- vendor/rely
- canonical/relyum rely-pcie
- vendor/relyum
- version/relyum rely-pcie/22.2.1
- version/relyum rely-pcie/23.1.0