Web: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22329

Sept. 13, 2022, 9:15 p.m. |

National Vulnerability Database nist.gov

IBM Control Desk 7.6.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 219124.

cve

Cybersecurity Engineer

@ Apercen Partners LLC | Folsom, CA

IDM Sr. Security Developer

@ The Ohio State University | Columbus, OH, United States

IT Security Engineer

@ Stylitics | New York City

Information Security Engineer

@ VDA Labs | Remote

Information Security Analyst

@ Metropolitan Transportation Commission | San Francisco, CA

Director of Security Operations, CISO office

@ Okcoin | San Jose, California, United States

Systems Security Engineer

@ Synctera | Canada or US Remote

Cyberark Senior Consultant I | Remote, Canada

@ Optiv | Toronto, ON

Privacy & Cybersecurity Counsel

@ Brightspeed | Charlotte, NC, United States

Sr/Staff Threat Researcher

@ SecurityScorecard | Remote (US/Canada)

Consultant SOC / CERT H/F

@ Hifield | Sèvres, France

SOC Analyst

@ Starling Bank | Southampton, England, United Kingdom