CVE-2013-0529

EUVD-2013-0540
The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
Affected Products (NVD)
VendorProductVersion
ibmsterling_connect_direct_user_interface
1.4.0.0
ibmsterling_connect_direct_user_interface
1.4.0.2
ibmsterling_connect_direct_user_interface
1.4.0.3
ibmsterling_connect_direct_user_interface
1.4.0.6
ibmsterling_connect_direct_user_interface
1.4.0.7
ibmsterling_connect_direct_user_interface
1.4.0.10
ibmsterling_connect_direct_user_interface
1.5.0.0
ibmsterling_connect_direct_user_interface
1.5.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg1IC90478
http://www-01.ibm.com/support/docview.wss?uid=swg21640356
https://exchange.xforce.ibmcloud.com/vulnerabilities/82611
http://www-01.ibm.com/support/docview.wss?uid=swg1IC90478
http://www-01.ibm.com/support/docview.wss?uid=swg21640356
https://exchange.xforce.ibmcloud.com/vulnerabilities/82611