CVE-2022-33167
LOWDescription
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 228587.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| ibm | security_directory_integrator |
| ibm | security_verify_directory_integrator |
References
Frequently Asked Questions
What is CVE-2022-33167? +
How severe is CVE-2022-33167? +
What products are affected by CVE-2022-33167? +
How do I check if I'm vulnerable to CVE-2022-33167? +
Related Vulnerabilities
This vulnerability exists in Digisol DG-GR6821AC Router due to misconfiguration of both Secure and HttpOnly flags on session cookies associated …
This vulnerability exists in the CP Plus Router due to insecure handling of cookie flags used within its web interface. …
An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag.
Budibase is an open-source low-code platform. Prior to version 3.35.10, the budibase:auth cookie containing the JWT session token is set …
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing HTTPOnly flag for the session cookies associated with the router's …
TRUfusion Enterprise through 7.10.4.0 exposes the encrypted COOKIEID as an authentication mechanism for some endpoints such as /trufusionPortal/getProjectList. However, the …