CVSS: 2.4EPSS: 0%CPEs: 8EXPL: 0CVE-2013-0527
https://notcve.org/view.php?id=CVE-2013-0527
21 Jun 2013 — The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not close pages upon the timeout of a session, which allows physically proximate attackers to obtain sensitive administrative-console information by reading the screen of an unattended workstation. El Browser en IBM Sterling Connect:Direct v1.4 anterior a v1.4.0.11 y v1.5 hasta v1.5.0.1 no cierras páginas tras el timeout de la sesión, lo que podría permitir a atacantes físicamente próximos obtener información sensibl... • http://www-01.ibm.com/support/docview.wss?uid=swg1IC90479 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0CVE-2013-0529
https://notcve.org/view.php?id=CVE-2013-0529
21 Jun 2013 — The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. El Browser en IBM Sterling Connect:Direct v1.4 anterior a v1.4.0.11 y v1.5 hasta v1.5.0.1 no fija el flag secure para la cookie de sesión en una sesión https, lo que podría permitir a atacantes remotos capturar esta cookie en una... • http://www-01.ibm.com/support/docview.wss?uid=swg1IC90478 • CWE-264: Permissions, Privileges, and Access Controls •