CVE-2013-0529

Currently unrated

Key Information:

Vendor: IBM
Status: Sterling Connect Direct User Interface
Vendor: CVE Published:; 21 June 2013

Summary

The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21640356

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg1IC90478

vendor-advisoryx_refsource_AIXAPAR

https://exchange.xforce.ibmcloud.com/vulnerabilities/82611

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Jun 21, 2013
Vulnerability Reserved
Dec 16, 2012