3 matches found
Security Bulletin: Provision to add https and Secure Flag to bayeux_browser cookie for IBM Control Desk.
Summary BAYEUXBROWSER cookie is generated from Cometd Server and it remains live with the session. In older versions of cometd server, BAYEUXBROWSER cookie was neither true for https nor for secure. But in the current version ie. 5.0.3, there is a provision to make the cookie true for https and...
CVE-2022-22329
IBM Control Desk 7.6.1 is vulnerable because authorization tokens and session cookies lack the secure attribute, allowing cookie values to be captured if a user visits an http link or a link is planted on a site. The issue affects IBM Control Desk 7.6.x (notably 7.6.1). Mitigation documented by I...
CVE-2022-22329
IBM Control Desk 7.6.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacke...