Sensitive Cookie Without 'HttpOnly' Flag

CVE-2022-33167

Low

3.7/10

Summary

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 228587.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-1004 - Sensitive Cookie Without 'HttpOnly' Flag

The software uses a cookie to store sensitive information, but the cookie is not marked with the HttpOnly flag.

References

Advisory Timeline

Published Jul 30, 2024

Sensitive Cookie Without 'HttpOnly' Flag

CVE-2022-33167

Summary

CWE-1004 - Sensitive Cookie Without 'HttpOnly' Flag

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS