2 results (0.002 seconds)

CVSS: 1.9EPSS: 0%CPEs: 8EXPL: 0

The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not close pages upon the timeout of a session, which allows physically proximate attackers to obtain sensitive administrative-console information by reading the screen of an unattended workstation. El Browser en IBM Sterling Connect:Direct v1.4 anterior a v1.4.0.11 y v1.5 hasta v1.5.0.1 no cierras páginas tras el timeout de la sesión, lo que podría permitir a atacantes físicamente próximos obtener información sensible de la consolad de administración mediante la lectura de la pantalla. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC90479 http://www-01.ibm.com/support/docview.wss?uid=swg21640356 https://exchange.xforce.ibmcloud.com/vulnerabilities/82609 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0

The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. El Browser en IBM Sterling Connect:Direct v1.4 anterior a v1.4.0.11 y v1.5 hasta v1.5.0.1 no fija el flag secure para la cookie de sesión en una sesión https, lo que podría permitir a atacantes remotos capturar esta cookie en una sesión HTTP. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC90478 http://www-01.ibm.com/support/docview.wss?uid=swg21640356 https://exchange.xforce.ibmcloud.com/vulnerabilities/82611 • CWE-264: Permissions, Privileges, and Access Controls •