CVE-2022-22329

Published: Sep 13, 2022Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

IBM Control Desk 7.6.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 219124.

Affected (6)

Products: Ibm: Control Desk

Ibm

1 product

Control Desk

Configuration A

6 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ibm Control Desk	Version 7.6.0.1
Ibm Control Desk	Version 7.6.0
Ibm Control Desk	Version 7.6.1.1
Ibm Control Desk	Version 7.6.1.2
Ibm Control Desk	Version 7.6.1.3
Ibm Control Desk	Version 7.6.1

Running on/with	Platform Versions
Linux Linux Kernel	All versions

References (4)

https://exchange.xforce.ibmcloud.com/vulnerabilities/219124

Source: psirt@us.ibm.com

VDB EntryVendor Advisory

https://www.ibm.com/support/pages/node/6619739

Source: psirt@us.ibm.com

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/219124

Source: af854a3a-2127-422b-91ae-364da2661108

VDB EntryVendor Advisory

https://www.ibm.com/support/pages/node/6619739

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.