High severity7.5NVD Advisory· Published Feb 9, 2023· Updated Jun 17, 2026
CVE-2022-21939
CVE-2022-21939
Description
Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: <14.2.3, <15.0.3
<14.2.3, <15.0.3+ 1 more
- (no CPE)range: <14.2.3, <15.0.3
- (no CPE)range: 14
Patches
Vulnerability mechanics
References
2- www.cisa.gov/uscert/ics/advisories/icsa-23-040-03nvdThird Party AdvisoryUS Government ResourceVDB Entry
- www.johnsoncontrols.com/cyber-solutions/security-advisoriesnvdVendor Advisory
News mentions
0No linked articles in our index yet.