op5 Monitor and op5 Appliance before 5.5.0 do not properly manage session cookies, which allows remote attackers to have an unspecified impact via unspecified vectors.