cvedb.io
CVE-2022-21940
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2023-02-09T21:15:11.213 · Last modified 2026-06-17T04:27:19.603

Summary

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.

Affected products

johnsoncontrols — metasys_system_configuration_tool

Does this affect you?

Add your gear to cvedb and we'll alert you only when johnsoncontrols ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.