CVE-2013-0529 : The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1

The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

Published 2013-06-21 14:55:01

Updated 2025-04-11 00:51:22

Source IBM Corporation

View at NVD, CVE.org

Products affected by CVE-2013-0529

IBM » Sterling Connect Direct User Interface » Version: 1.4.0.0
cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.4.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Sterling Connect Direct User Interface » Version: 1.4.0.10
cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.4.0.10:*:*:*:*:*:*:*
Matching versions
IBM » Sterling Connect Direct User Interface » Version: 1.4.0.6
cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.4.0.6:*:*:*:*:*:*:*
Matching versions
IBM » Sterling Connect Direct User Interface » Version: 1.4.0.7
cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.4.0.7:*:*:*:*:*:*:*
Matching versions
IBM » Sterling Connect Direct User Interface » Version: 1.4.0.2
cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.4.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Sterling Connect Direct User Interface » Version: 1.4.0.3
cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.4.0.3:*:*:*:*:*:*:*
Matching versions
IBM » Sterling Connect Direct User Interface » Version: 1.5.0.0
cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.5.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Sterling Connect Direct User Interface » Version: 1.5.0.1
cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.5.0.1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2013-0529

EPSS FAQ

0.23%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 43 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2013-0529

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2013-0529

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-0529

http://www-01.ibm.com/support/docview.wss?uid=swg21640356

IBM Security Bulletin: IBM Sterling Connect:Direct Browser user interface has multiple vulnerabilities (CVE-2013-0527 and CVE-2013-0529)

CVEs referencing this url
http://www-01.ibm.com/support/docview.wss?uid=swg1IC90478

IBM IC90478: CONNECT:DIRECT BROWSER COOKIE ATTRIBUTES NOT SET FOR OPTIMAL SECURITY
https://exchange.xforce.ibmcloud.com/vulnerabilities/82611

IBM Sterling Connect:Direct Browser cookie information disclosure CVE-2013-0529 Vulnerability Report

Jump to

Vulnerability Details : CVE-2013-0529

Products affected by CVE-2013-0529

Exploit prediction scoring system (EPSS) score for CVE-2013-0529

CVSS scores for CVE-2013-0529

CWE ids for CVE-2013-0529

References for CVE-2013-0529