CVE-2013-0529

The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
ibmCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
VendorProductVersion
ibmsterling_connect_direct_user_interface
1.4.0.0
ibmsterling_connect_direct_user_interface
1.4.0.2
ibmsterling_connect_direct_user_interface
1.4.0.3
ibmsterling_connect_direct_user_interface
1.4.0.6
ibmsterling_connect_direct_user_interface
1.4.0.7
ibmsterling_connect_direct_user_interface
1.4.0.10
ibmsterling_connect_direct_user_interface
1.5.0.0
ibmsterling_connect_direct_user_interface
1.5.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg1IC90478
http://www-01.ibm.com/support/docview.wss?uid=swg21640356
https://exchange.xforce.ibmcloud.com/vulnerabilities/82611
http://www-01.ibm.com/support/docview.wss?uid=swg1IC90478
http://www-01.ibm.com/support/docview.wss?uid=swg21640356
https://exchange.xforce.ibmcloud.com/vulnerabilities/82611