Enterprise EDR: What access does the JSESSION cookie returned in an API request have?
Article ID: 292555
Updated On:
Products
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
What access does the JSESSION cookie returned in an API request have?
Environment
- Enterprise EDR: All Versions
- Enterprise EDR API
Resolution
The JSESSIONID cookie is a default session cookie for java applications. It is not used for API authentication or authorisation.
Additional Information
The JSESSION cookie has been reviewed by the security engineering team and does not pose a security concern.
Feedback
Yes
No
Powered by
