5

CVE-2013-0529

EPSS 0.23%
Veröffentlicht 21.06.2013 14:55:01
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle psirt@us.ibm.com
CVE-Watchlists
Login
Unerledigt
Login

The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ibm ≫ Sterling Connect Direct User Interface Version1.4.0.0

Ibm ≫ Sterling Connect Direct User Interface Version1.4.0.2

Ibm ≫ Sterling Connect Direct User Interface Version1.4.0.3

Ibm ≫ Sterling Connect Direct User Interface Version1.4.0.6

Ibm ≫ Sterling Connect Direct User Interface Version1.4.0.7

Ibm ≫ Sterling Connect Direct User Interface Version1.4.0.10

Ibm ≫ Sterling Connect Direct User Interface Version1.5.0.0

Ibm ≫ Sterling Connect Direct User Interface Version1.5.0.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.23%	0.433

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

http://www-01.ibm.com/support/docview.wss?uid=swg21640356

http://www-01.ibm.com/support/docview.wss?uid=swg1IC90478

https://exchange.xforce.ibmcloud.com/vulnerabilities/82611

https://nvd.nist.gov/vuln/detail/CVE-2013-0529

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-0529

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-0529

EUVD