Lucene search
HistoryJun 21, 2013 - 2:55 p.m.
CVE-2013-0529
ibm
sterling connect:direct
cve-2013-0529
security
session cookie
https
vulnerability
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.5 Medium
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
76.9%
The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
Affected configurations
Node
ibmsterling_connect_direct_user_interfaceMatch1.4.0.0
ORibmsterling_connect_direct_user_interfaceMatch1.4.0.2
ORibmsterling_connect_direct_user_interfaceMatch1.4.0.3
ORibmsterling_connect_direct_user_interfaceMatch1.4.0.6
ORibmsterling_connect_direct_user_interfaceMatch1.4.0.7
ORibmsterling_connect_direct_user_interfaceMatch1.4.0.10
Node
ibmsterling_connect_direct_user_interfaceMatch1.5.0.0
ORibmsterling_connect_direct_user_interfaceMatch1.5.0.1
Related
prion
prion
Session fixation
2013-06-21 14:55:00
nvd
nvd
CVE-2013-0529
2013-06-21 14:55:01
ibm
ibm
cvelist
cvelist
CVE-2013-0529
2013-06-21 14:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.5 Medium
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
76.9%
Related for CVE-2013-0529