BLU-IC2 and BLU-IC4 HTTP Security Misconfiguration Vulnerability Allowing Cookie Access via JavaScript
Vulnerability
A security misconfiguration vulnerability has been identified in BLU-IC2 and BLU-IC4 products, both through version 1.19.5. The issue arises from a lack of proper security attributes, such as 'Secure' and 'HttpOnly', on cookies. This misconfiguration may enable the reading of sensitive cookies through the JavaScript context.
Impact
Exploitation of this vulnerability could lead to unauthorized access to sensitive cookie data, which may include session tokens or other critical information, depending on the application's use of cookies.
Added: Oct 21, 2025, 6:19 PM
Updated: Oct 21, 2025, 7:41 PM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 3.5
exploitability: 5.2
remediation: 0.0
relevance: 0.8
threat: 0.0
urgency: 2.9
incentive: 1.7
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
