Information Disclosure in IBM Sterling Connect:Direct Versions
CVE-2013-0527

Currently unrated

Key Information:

Vendor: IBM
CVE Published: 21 June 2013

Summary

The Browser in IBM Sterling Connect:Direct versions prior to 1.4.0.11 and 1.5 through 1.5.0.1 does not terminate sessions when they time out. As a result, an attacker can access sensitive administrative console information by observing the unattended session on a compromised workstation. The issue highlights the importance of strict session management in protecting confidential data from physical proximity threats.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved
