Vulnerabilities > IBM > Control Desk

DATE CVE VULNERABILITY TITLE RISK
2022-09-13 CVE-2022-22329 Unspecified vulnerability in IBM Control Desk
IBM Control Desk 7.6.1 does not set the secure attribute on authorization tokens or session cookies.
network
low complexity
ibm
4.3
4.3
2022-09-13 CVE-2022-22330 Incorrect Permission Assignment for Critical Resource vulnerability in IBM Control Desk
IBM Control Desk 7.6.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag.
network
low complexity
ibm CWE-732
5.3
5.3
2021-05-10 CVE-2021-20559 Cross-site Scripting vulnerability in IBM Control Desk 7.6.1.2/7.6.1.3
IBM Control Desk 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2020-09-16 CVE-2020-4409 Open Redirect vulnerability in IBM products
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack.
network
low complexity
ibm CWE-601
8.2
8.2
2020-04-17 CVE-2019-4749 Cross-site Scripting vulnerability in IBM products
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2020-04-17 CVE-2019-4644 Cross-site Scripting vulnerability in IBM products
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
6.1
2020-04-17 CVE-2019-4446 Unspecified vulnerability in IBM products
IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters.
network
low complexity
ibm
5.4
5.4
2020-02-19 CVE-2019-4429 Cross-site Scripting vulnerability in IBM products
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2019-10-09 CVE-2019-4512 Information Exposure Through an Error Message vulnerability in IBM products
IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system.
network
low complexity
ibm CWE-209
4.3
4.3
2019-06-19 CVE-2019-4364 Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM products
IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system.
network
low complexity
ibm CWE-1236
8.0
8.0