CVE-2013-0527 - OpenCVE

The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not close pages upon the timeout of a session, which allows physically proximate attackers to obtain sensitive administrative-console information by reading the screen of an unattended workstation.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Sterling Connect Direct User Interface

Configuration 1 [-]

OR	cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.4.0.0:::::::*
	cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.4.0.2:::::::*
	cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.4.0.3:::::::*
	cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.4.0.6:::::::*
	cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.4.0.7:::::::*
	cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.4.0.10:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.5.0.0:::::::*
	cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.5.0.1:::::::*

No data.

References

Link	Providers
http://www-01.ibm.com/support/docview.wss?uid=swg1IC90479
http://www-01.ibm.com/support/docview.wss?uid=swg21640356
https://exchange.xforce.ibmcloud.com/vulnerabilities/82609

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2013-06-21T14:00:00

Updated: 2024-08-06T14:33:03.513Z

Reserved: 2012-12-16T00:00:00

Link: CVE-2013-0527

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-06-21T14:55:01.050

Modified: 2017-08-29T01:33:05.043

Link: CVE-2013-0527

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-06-13T00:00:00", "descriptions": [{"lang": "en", "value": "The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not close pages upon the timeout of a session, which allows physically proximate attackers to obtain sensitive administrative-console information by reading the screen of an unattended workstation."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21640356"}, {"name": "IC90479", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC90479"}, {"name": "sterling-cve20130527-info-disclosure(82609)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82609"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-0527", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not close pages upon the timeout of a session, which allows physically proximate attackers to obtain sensitive administrative-console information by reading the screen of an unattended workstation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21640356", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21640356"}, {"name": "IC90479", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC90479"}, {"name": "sterling-cve20130527-info-disclosure(82609)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82609"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T14:33:03.513Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21640356"}, {"name": "IC90479", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC90479"}, {"name": "sterling-cve20130527-info-disclosure(82609)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82609"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-0527", "datePublished": "2013-06-21T14:00:00", "dateReserved": "2012-12-16T00:00:00", "dateUpdated": "2024-08-06T14:33:03.513Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3793D730-80A7-41D2-B802-FCACFAFC8AAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "21B52871-114C-4788-BB8F-36A0D07AB994", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E5A5F42A-41C7-4C10-8FF6-6097367E2399", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "568D3453-315F-4686-9ABA-653996BB437D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "CBB7D9F3-9CA6-4D87-9218-0A05EAE855A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2D4499E-3E98-46EB-815A-3F7768B102F0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "40BF04BE-977A-466C-9B39-987E44A3C0EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF778B2B-AC96-4D2E-BFDF-2C8BF15E13E0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not close pages upon the timeout of a session, which allows physically proximate attackers to obtain sensitive administrative-console information by reading the screen of an unattended workstation."}, {"lang": "es", "value": "El Browser en IBM Sterling Connect:Direct v1.4 anterior a v1.4.0.11 y v1.5 hasta v1.5.0.1 no cierras p\u00e1ginas tras el timeout de la sesi\u00f3n, lo que podr\u00eda permitir a atacantes f\u00edsicamente pr\u00f3ximos obtener informaci\u00f3n sensible de la consolad de administraci\u00f3n mediante la lectura de la pantalla."}], "id": "CVE-2013-0527", "lastModified": "2017-08-29T01:33:05.043", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-06-21T14:55:01.050", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC90479"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21640356"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82609"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}