CVE-2022-33167

HIGH Year: 2022
CVSS v3 Score
7.5
High
Weakness Type
CWE-1004
View all →

Vulnerability Description

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 228587.

Related Vulnerabilities

CVE-2022-25172

HIGH
CVSS:7.5(High)

An information disclosure vulnerability exists in the web interface session cookie functionality of InHand Networks InRouter302 V3.5.4. The session cookie misses the HttpOnly flag, making it accessibl...

CWE-10042022

CVE-2022-43845

HIGH
CVSS:7.5(High)

IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability...

CWE-10042022

CVE-2024-41685

MEDIUM
CVSS:7.5(High)

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing HTTPOnly flag for the session cookies associated with the router's web management interface. An attacker with remote acce...

CWE-10042024

CVE-2021-3706

HIGH
CVSS:7.4(High)

adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag

CWE-10042021

CVE-2025-24318

MEDIUM
CVSS:6.8(Medium)

Cookie policy is observable via built-in browser tools. In the presence of XSS, this could lead to full session compromise.

CWE-10042025

CVE-2019-8283

MEDIUM
CVSS:6.5(Medium)

Hasplm cookie in Gemalto Admin Control Center, all versions prior to 7.92, does not have 'HttpOnly' flag. This allows malicious javascript to steal it.

CWE-10042019