Vulnerabilities > IBM > Control Desk > 7.6.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-13 | CVE-2022-22329 | Unspecified vulnerability in IBM Control Desk IBM Control Desk 7.6.1 does not set the secure attribute on authorization tokens or session cookies. | 4.3 |
| 2022-09-13 | CVE-2022-22330 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Control Desk IBM Control Desk 7.6.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. | 5.3 |
| 2020-09-16 | CVE-2020-4409 | Open Redirect vulnerability in IBM products IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. | 8.2 |
| 2020-04-17 | CVE-2019-4749 | Cross-site Scripting vulnerability in IBM products IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. | 5.4 |
| 2020-04-17 | CVE-2019-4644 | Cross-site Scripting vulnerability in IBM products IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. | 6.1 |
| 2020-04-17 | CVE-2019-4446 | Unspecified vulnerability in IBM products IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters. | 5.4 |
| 2020-02-19 | CVE-2019-4429 | Cross-site Scripting vulnerability in IBM products IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. | 5.4 |
| 2019-06-06 | CVE-2019-4048 | Improper Privilege Management vulnerability in IBM products IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. | 2.1 |