PT-2013-2406 · IBM · IBM Sterling Connect:Direct
Published: 2013-06-21 · Updated: 2017-08-29 · CVE-2013-0529
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
IBM Sterling Connect:Direct versions 1.4 through 1.4.0.10
IBM Sterling Connect:Direct versions 1.5 through 1.5.0.1
Description
The Browser component in IBM Sterling Connect:Direct does not set the Secure flag on the session cookie in an HTTPS session. Because the cookie is then not restricted to encrypted connections, a remote attacker can more easily capture it by intercepting its transmission within an HTTP session.
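A check for the condition described above, as an added example that is not part of the advisory or of IBM's code: it scans the Set-Cookie headers of an HTTPS response and reports cookies issued without the Secure attribute. The cookie names and sample headers are constructed for illustration.

```python
def parse_set_cookie(value):
    """Split one Set-Cookie header value into (name, attributes)."""
    pair, *rest = value.split(";")
    name = pair.partition("=")[0].strip()
    # Attribute names are case-insensitive; Secure carries no value.
    attrs = {}
    for item in rest:
        key, _, val = item.partition("=")
        if key.strip():
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def cookies_missing_secure(scheme, headers):
    """Return names of cookies set over HTTPS without the Secure attribute.

    headers: list of (name, value) pairs as received in one response.
    """
    if scheme.lower() != "https":
        return []  # the check applies only to cookies issued in an HTTPS session
    missing = []
    for hname, hvalue in headers:
        if hname.lower() != "set-cookie":
            continue
        cookie, attrs = parse_set_cookie(hvalue)
        # Only a real "Secure" attribute counts, not the word inside a value.
        if cookie and "secure" not in attrs:
            missing.append(cookie)
    return missing


# Constructed sample response headers (cookie names are hypothetical).
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "SESSIONID=3f9a1c; Path=/; HttpOnly"),
    ("set-cookie", "prefs=dark; Path=/; SECURE; HttpOnly"),
    ("Set-Cookie", "mode=secure; Expires=Wed, 21 Oct 2015 07:28:00 GMT"),
]

if __name__ == "__main__":
    for name in cookies_missing_secure("https", SAMPLE_HEADERS):
        print(f"cookie {name!r} set over HTTPS without Secure")
```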
Recommendations
For IBM Sterling Connect:Direct versions 1.4 through 1.4.0.10, update to version 1.4.0.11 or later.
For IBM Sterling Connect:Direct versions 1.5 through 1.5.0.1, update to a version later than 1.5.0.1.
Affected Products
IBM Sterling Connect:Direct