3 results (0.011 seconds)

CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 0

IBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and 1.5.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 199229. IBM Sterling Connect:Direct Browser User Interface versiones 1.4.1.1 y 1.5.0.2, podría permitir a un atacante remoto secuestrar la acción de hacer clic de la víctima. Al persuadir a una víctima a visitar un sitio web malicioso, un atacante remoto podría explotar esta vulnerabilidad para secuestrar las acciones de clic de la víctima y posiblemente lanzar más ataques contra la víctima. • https://exchange.xforce.ibmcloud.com/vulnerabilities/199229 https://www.ibm.com/support/pages/node/6474829 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVSS: 1.9EPSS: 0%CPEs: 8EXPL: 0

The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not close pages upon the timeout of a session, which allows physically proximate attackers to obtain sensitive administrative-console information by reading the screen of an unattended workstation. El Browser en IBM Sterling Connect:Direct v1.4 anterior a v1.4.0.11 y v1.5 hasta v1.5.0.1 no cierras páginas tras el timeout de la sesión, lo que podría permitir a atacantes físicamente próximos obtener información sensible de la consolad de administración mediante la lectura de la pantalla. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC90479 http://www-01.ibm.com/support/docview.wss?uid=swg21640356 https://exchange.xforce.ibmcloud.com/vulnerabilities/82609 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0

The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. El Browser en IBM Sterling Connect:Direct v1.4 anterior a v1.4.0.11 y v1.5 hasta v1.5.0.1 no fija el flag secure para la cookie de sesión en una sesión https, lo que podría permitir a atacantes remotos capturar esta cookie en una sesión HTTP. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC90478 http://www-01.ibm.com/support/docview.wss?uid=swg21640356 https://exchange.xforce.ibmcloud.com/vulnerabilities/82611 • CWE-264: Permissions, Privileges, and Access Controls •