CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 0CVE-2021-20560
https://notcve.org/view.php?id=CVE-2021-20560
26 Jul 2021 — IBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and 1.5.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 199229. IBM Sterling Connect:Direct Browser User Interface versiones 1.4.1.1 y 1.5.0.2, podría permitir a un atacante remoto secuestrar la acción de hac... • https://exchange.xforce.ibmcloud.com/vulnerabilities/199229 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 2.4EPSS: 0%CPEs: 8EXPL: 0CVE-2013-0527
https://notcve.org/view.php?id=CVE-2013-0527
21 Jun 2013 — The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not close pages upon the timeout of a session, which allows physically proximate attackers to obtain sensitive administrative-console information by reading the screen of an unattended workstation. El Browser en IBM Sterling Connect:Direct v1.4 anterior a v1.4.0.11 y v1.5 hasta v1.5.0.1 no cierras páginas tras el timeout de la sesión, lo que podría permitir a atacantes físicamente próximos obtener información sensibl... • http://www-01.ibm.com/support/docview.wss?uid=swg1IC90479 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0CVE-2013-0529
https://notcve.org/view.php?id=CVE-2013-0529
21 Jun 2013 — The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. El Browser en IBM Sterling Connect:Direct v1.4 anterior a v1.4.0.11 y v1.5 hasta v1.5.0.1 no fija el flag secure para la cookie de sesión en una sesión https, lo que podría permitir a atacantes remotos capturar esta cookie en una... • http://www-01.ibm.com/support/docview.wss?uid=swg1IC90478 • CWE-264: Permissions, Privileges, and Access Controls •