
CVSS: 5.0 • EPSS: 0% • CPEs: 8 • EXPL: 0

21 Jun 2013 — The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC90478 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 2.4 • EPSS: 0% • CPEs: 8 • EXPL: 0

21 Jun 2013 — The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not close pages upon the timeout of a session, which allows physically proximate attackers to obtain sensitive administrative-console information by reading the screen of an unattended workstation. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC90479 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

28 May 2013 — The file-copying functionality in IBM Sterling Connect:Direct 3.8.00, 4.0.00, and 4.1.0 for UNIX on AIX 6.1 through 7.1 uses incorrect privileges, which allows local users to bypass filesystem read permissions and write permissions by leveraging authentication to the Connect:Direct product. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC86449 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

02 Feb 2013 — The Session Manager in IBM Sterling Connect:Direct through 4.1.0.3 on UNIX allows remote attackers to cause a denial of service (daemon crash and disk consumption) via crafted data. • http://www-01.ibm.com/support/docview.wss?uid=swg1QC20158 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer