2 matches found
Security Bulletin: Provision to add https and Secure Flag to bayeux_browser cookie for IBM Control Desk.
Summary BAYEUXBROWSER cookie is generated from Cometd Server and it remains live with the session. In older versions of cometd server, BAYEUXBROWSER cookie was neither true for https nor for secure. But in the current version ie. 5.0.3, there is a provision to make the cookie true for https and...
CVE-2022-22330
CVE-2022-22330 affects IBM Control Desk 7.6.x (notably 7.6.1) and is caused by the HTTPOnly flag not being set on a cookie (BAYEUX_BROWSER). A remote attacker could access cookie data due to this missing flag. IBM’s security bulletin confirms the vulnerability and provides a remediation path: upg...