CVE-2013-0527

The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not close pages upon the timeout of a session, which allows physically proximate attackers to obtain sensitive administrative-console information by reading the screen of an unattended workstation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
1.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:P/I:N/A:N
ibmCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
VendorProductVersion
ibmsterling_connect_direct_user_interface
1.4.0.0
ibmsterling_connect_direct_user_interface
1.4.0.2
ibmsterling_connect_direct_user_interface
1.4.0.3
ibmsterling_connect_direct_user_interface
1.4.0.6
ibmsterling_connect_direct_user_interface
1.4.0.7
ibmsterling_connect_direct_user_interface
1.4.0.10
ibmsterling_connect_direct_user_interface
1.5.0.0
ibmsterling_connect_direct_user_interface
1.5.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg1IC90479
http://www-01.ibm.com/support/docview.wss?uid=swg21640356
https://exchange.xforce.ibmcloud.com/vulnerabilities/82609
http://www-01.ibm.com/support/docview.wss?uid=swg1IC90479
http://www-01.ibm.com/support/docview.wss?uid=swg21640356
https://exchange.xforce.ibmcloud.com/vulnerabilities/82609