PT-2022-15369 · IBM · IBM Control Desk

Published 2022-09-13 · Updated 2023-08-08 · CVE-2022-22330

CVSS v3.1: 5.3 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

IBM Control Desk version 7.6.1

Description

The issue is caused by a failure to set the HttpOnly flag on a cookie, which allows a remote attacker to obtain sensitive information from that cookie.

Recommendations

For IBM Control Desk version 7.6.1, set the HttpOnly flag to prevent sensitive information from being accessed.
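
The check below is an added example, not code from the advisory or from IBM: it parses Set-Cookie response headers and reports cookies whose attribute list lacks HttpOnly, then shows the corrected header. The sample headers and cookie names are constructed placeholders, and the function names are hypothetical.

```python
"""Audit Set-Cookie response headers for a missing HttpOnly attribute."""

# Constructed sample headers; the cookie names and values are placeholders,
# not cookies documented for IBM Control Desk.
SAMPLE_HEADERS = [
    "session_id=abc123; Path=/; Secure",
    "csrf_hint=x1; Path=/; Secure; HttpOnly",
    "prefs=mode=httponly; Path=/",            # "httponly" inside the value only
    "auth_token=deadbeef; path=/; HTTPONLY",  # attribute names are case-insensitive
]


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, {attribute: value})."""
    parts = [p.strip() for p in header.split(";")]
    # Only the first '=' separates name from value; the value may contain '='.
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def missing_httponly(headers):
    """Return names of cookies whose attribute list lacks HttpOnly."""
    findings = []
    for header in headers:
        name, _value, attrs = parse_set_cookie(header)
        if "httponly" not in attrs:
            findings.append(name)
    return findings


def with_httponly(header):
    """Return the header with HttpOnly appended if it is not already set."""
    _name, _value, attrs = parse_set_cookie(header)
    if "httponly" in attrs:
        return header
    return header.rstrip("; ") + "; HttpOnly"


if __name__ == "__main__":
    for cookie in missing_httponly(SAMPLE_HEADERS):
        print(f"cookie {cookie!r} is set without HttpOnly")
```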

Fix

Incorrect Permission

Weakness Enumeration

Related Identifiers: CVE-2022-22330

Affected Products: IBM Control Desk