CVE-2013-0527

Currently unrated

Key Information:

Vendor: IBM
Status: Sterling Connect Direct User Interface
Vendor: CVE Published:; 21 June 2013

Summary

The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not close pages upon the timeout of a session, which allows physically proximate attackers to obtain sensitive administrative-console information by reading the screen of an unattended workstation.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21640356

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg1IC90479

vendor-advisoryx_refsource_AIXAPAR

https://exchange.xforce.ibmcloud.com/vulnerabilities/82609

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Jun 21, 2013
Vulnerability Reserved
Dec 16, 2012