Control Desk@7.6.1.3 Security Vulnerabilities and Issues — Control Desk@7.6.1.3 CVE List

Lucene search

IbmControl Desk7.6.1.3

3 matches found

CVE•added 2022/09/13 9:15 p.m.•61 views

CVE-2022-22329

IBM Control Desk 7.6.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker ...

4.3CVSS4.2AI score0.00102EPSS

CVE•added 2022/09/13 9:15 p.m.•56 views

CVE-2022-22330

IBM Control Desk 7.6.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 219126.

5.3CVSS4.9AI score0.00057EPSS

CVE•added 2021/05/10 5:15 p.m.•29 views

CVE-2021-20559

IBM Control Desk 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199228.

5.4CVSS5.2AI score0.001EPSS