Lucene search

[email protected]CVE-2013-6237

HistoryDec 10, 2013 - 4:55 p.m.

CVE-2013-6237

2013-12-1016:55:25

CWE-200

[email protected]

web.nvd.nist.gov

cve-2013-6237

isl desktop

windows

remote authentication

sensitive information

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.6%

JSON

The ISL Desktop plugin for Windows before 1.4.7 for ISL Light 3.5.4 and earlier allows remote authenticated users to obtain sensitive information by pasting the clipboard contents that have been copied by another user in the session.

Affected configurations

NVD

Node

islonlineisl_desktop_pluginRange≤1.4.3--windowsisl_light

islonlineisl_desktop_pluginMatch1.3.3--windowsisl_light

islonlineisl_desktop_pluginMatch1.4.1--windowsisl_light

islonlineisl_desktop_pluginMatch1.4.2--windowsisl_light

AND

islonlineisl_lightRange≤3.5.4

CPENameOperatorVersion
islonline:isl_desktop_pluginislonline isl desktop pluginle1.4.3
islonline:isl_desktop_pluginislonline isl desktop plugineq1.3.3
islonline:isl_desktop_pluginislonline isl desktop plugineq1.4.1
islonline:isl_desktop_pluginislonline isl desktop plugineq1.4.2
islonline:isl_lightislonline isl lightle3.5.4

CPE	Name	Operator	Version
islonline:isl_desktop_plugin	islonline isl desktop plugin	le	1.4.3
islonline:isl_desktop_plugin	islonline isl desktop plugin	eq	1.3.3
islonline:isl_desktop_plugin	islonline isl desktop plugin	eq	1.4.1
islonline:isl_desktop_plugin	islonline isl desktop plugin	eq	1.4.2
islonline:isl_light	islonline isl light	le	3.5.4

References

osvdb.org/100512

packetstormsecurity.com/files/124274/ISL-Light-Desktop-3.5.4-Information-Disclosure.html

seclists.org/fulldisclosure/2013/Dec/14

www.islonline.com/help/isl-releases-info/any/manual/?2013-11-29-rel-info-isl-light-desktop-plugin-1-4-7-win.htm

www.securityfocus.com/bid/64050

exchange.xforce.ibmcloud.com/vulnerabilities/89399

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.6%

JSON

Related for CVE-2013-6237

prion1 packetstorm1 nvd1 cvelist1