CNNVD-202510-2727 Information

Oct 21, 2025 cve

CNNVD ID

CNNVD-202510-2727

CVE-2025-12031

CNNVD Published: 2025-10-21

Description (Chinese)

Azure Access Technology BLU-IC2和Azure Access Technology BLU-IC4都是美国Azure Access Technology公司的一种网络门禁控制器。 Azure Access Technology BLU-IC2和Azure Access Technology BLU-IC4 1.19.5及之前版本存在安全漏洞，该漏洞源于缺少Secure和HTTPOnly属性，可能导致从javascript环境中读取敏感cookie。

Description (English)

Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are all web-based portal controllers for Azure Access Technology in the United States. Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 1.19.5 and previous versions have security loopholes that stem from the lack of Secure and HTTPOnly attributes, which may lead to sensitive cookies being read from the javascript environment.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Azure Access Technology

Published

2025-10-21

Last Modified

2026-02-24

References

https://azure-access.com/security-advisories https://access.redhat.com/security/cve/cve-2025-12031

Share on: