How severe is CVE-2021-40642?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2021-40642?

This is classified as CWE-311, which is a common weakness in software security.

CVE-2021-40642

MEDIUM Year: 2021

CVSS v3 Score

4.3

Medium

CVSS v2 Score

4.3

Medium

Weakness Type

CWE-311

View all →

Vulnerability Description

Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplib_misc.php. The secure flag is not set for txp_login session cookie in the application. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site.

CVE-2017-8168

MEDIUM

CVSS:4.3(Medium)

FusionSphere OpenStack with software V100R006C00SPC102(NFV) and V100R006C10 have an information leak vulnerability. Due to an incorrect configuration item, the information transmitted by a transmissio...

CWE-3112017

CVE-2019-4616

MEDIUM

CVSS:4.3(Medium)

IBM Cloud Automation Manager 3.2.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or...

CWE-3112019

CVE-2020-2239

MEDIUM

CVSS:4.3(Medium)

Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to ...

CWE-3112020

CVE-2021-29883

MEDIUM

CVSS:4.3(Medium)

IBM Standards Processing Engine (IBM Transformation Extender Advanced 9.0 and 10.0) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cooki...

CWE-3112021

CVE-2022-34307

MEDIUM

CVSS:4.3(Medium)

IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this li...

CWE-3112022

CVE-2023-32982

MEDIUM

CVSS:4.3(Medium)

Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier stores extra variables unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read per...

CWE-3112023

CVE-2021-40642

Vulnerability Description

Related Vulnerabilities

CVE-2017-8168

CVE-2019-4616

CVE-2020-2239

CVE-2021-29883

CVE-2022-34307

CVE-2023-32982