CVE-2022-22329

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 13-09-2022 11:15

Last modified: - 13-09-2022 11:27

Total changes: - 1

Description

IBM Control Desk 7.6.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 219124.

Common Vulnerability Scoring System (CVSS)

Attack complexity

Attack vector

Availability

Confidentiality

Integrity

Privileges required

Scope

User interaction

Base score

Exploitability score

Impact score

Verification logic

Reference

ibm-controldesk-cve202222329-info-disc (219124)-
https://www.ibm.com/support/pages/node/6619739

Keywords

CVE-2022-22329

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2022-22329

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures