Vulnerabilities > IBM > Control Desk > 7.6.1.3

DATE CVE VULNERABILITY TITLE RISK
2022-09-13 CVE-2022-22329 Unspecified vulnerability in IBM Control Desk
IBM Control Desk 7.6.1 does not set the secure attribute on authorization tokens or session cookies.
network
low complexity
ibm
4.3
4.3
2022-09-13 CVE-2022-22330 Incorrect Permission Assignment for Critical Resource vulnerability in IBM Control Desk
IBM Control Desk 7.6.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag.
network
low complexity
ibm CWE-732
5.3
5.3
2021-05-10 CVE-2021-20559 Cross-site Scripting vulnerability in IBM Control Desk 7.6.1.2/7.6.1.3
IBM Control Desk 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4