CVE-2013-0529

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2013-0529
The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://www-01.ibm.com/support/docview.wss?uid=swg1IC90478
http://www-01.ibm.com/support/docview.wss?uid=swg21640356
https://exchange.xforce.ibmcloud.com/vulnerabilities/82611
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.4.0.10:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.5.0.1:*:*:*:*:*:*:*
History

No history.

Information

Published : 2013-06-21 14:55

Updated : 2024-02-04 18:16

NVD link : CVE-2013-0529

Mitre link : CVE-2013-0529

CVE.ORG link : CVE-2013-0529

JSON object : View

Products Affected

ibm

  • sterling_connect_direct_user_interface
CWE
CWE-264

Permissions, Privileges, and Access Controls