VYPR

Control Desk

by IBM

CVEs (4)

  • CVE-2015-5016MedMar 27, 2018
    risk 0.28cvss 4.3epss 0.01

    IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read…

  • CVE-2022-22330Sep 13, 2022
    risk 0.00cvss epss 0.01

    IBM Control Desk 7.6.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 219126.

  • CVE-2022-22329Sep 13, 2022
    risk 0.00cvss epss 0.01

    IBM Control Desk 7.6.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure…

  • CVE-2021-20559May 10, 2021
    risk 0.00cvss epss 0.01

    IBM Control Desk 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…