RELY-PCIe v22.2.1 to v23.1.0 does not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Information Disclosure
Rely Pcie Firmware
NVD
CVSS 3.1
3.7
EPSS
0.3%
Affected versions of Octopus Server had a weak content security policy. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.
Information Disclosure
Octopus Server
NVD
CVSS 3.1
2.6
EPSS
0.2%