CVE-2022-22329

Name of the Vulnerable Software and Affected Versions IBM Control Desk version 7.6.1

Description The issue allows attackers to obtain cookie values by sending an http link to a user or planting this link in a site the user visits. When the user clicks the link, the cookie will be sent to the insecure link, and the attacker can then obtain the cookie value by snooping the traffic.

Recommendations For IBM Control Desk version 7.6.1, consider configuring the application to set the secure attribute on authorization tokens or session cookies to prevent them from being sent over insecure connections. As a temporary workaround, restrict access to sensitive resources that rely on these cookies until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.