Improper Cookie Security in IBM Sterling Connect:Direct Web Browser
CVE-2013-0529

Currently unrated

Key Information:

Vendor: IBM
CVE Published: 21 June 2013

Summary

The web browser of IBM Sterling Connect:Direct, versions 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1, does not set the Secure flag on the session cookie in an HTTPS session. Without that flag the cookie is also sent over HTTP connections, where a remote attacker can intercept it and gain unauthorized access to sensitive session data.
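
A check for the condition described above, as an added example (not IBM's code and not part of the original advisory): it parses the `Set-Cookie` headers captured from an HTTPS response and reports session cookies that lack the Secure attribute. The cookie name `JSESSIONID` and the sample header values are assumptions constructed for illustration; the advisory does not name the cookie.

```python
# Added example: audit Set-Cookie headers captured from an HTTPS response.
# Cookie names and header values are constructed samples, not product output.

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes)."""
    parts = [p.strip() for p in header_value.split(";")]
    # The first segment is always name=value; only later segments are attributes.
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive, so normalise to lower case.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit_https_cookies(set_cookie_headers, session_names=("JSESSIONID",)):
    """Return (index, name) for each session cookie set without Secure."""
    findings = []
    for index, raw in enumerate(set_cookie_headers):
        name, _value, attrs = parse_set_cookie(raw)
        if name in session_names and "secure" not in attrs:
            findings.append((index, name))
    return findings


# Constructed sample: headers as they might appear on an HTTPS login response.
SAMPLE_HEADERS = [
    "JSESSIONID=abc123; Path=/; HttpOnly",          # Secure missing
    "JSESSIONID=def456; Path=/; SECURE; HttpOnly",  # Secure present, upper case
    "theme=secure; Path=/",                         # not a session cookie
    "JSESSIONID=secure; Path=/",                    # value "secure" is not the flag
]

if __name__ == "__main__":
    for index, name in audit_https_cookies(SAMPLE_HEADERS):
        print(f"header {index}: {name} set over HTTPS without Secure")
```

Matching the attribute rather than searching the raw header for the word "secure" avoids a false pass when the cookie value itself contains that string.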

Timeline

  • Vulnerability published

  • Vulnerability Reserved