Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

CVE-2025-52608

Low

3.1/10

Summary

HCL iControl was affected by Missing Cookie Attributes vulnerability. It was observed that the application is missing several critical cookie attributes, including Secure and SameSite. And also path is set to root.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session.

References

Advisory Timeline

Published Jun 04, 2026

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

CVE-2025-52608

Summary

CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS