{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-06-13T00:00:00", "descriptions": [{"lang": "en", "value": "The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21640356"}, {"name": "IC90478", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC90478"}, {"name": "sterling-cve20130529-info-disclosure(82611)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82611"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-0529", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21640356", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21640356"}, {"name": "IC90478", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC90478"}, {"name": "sterling-cve20130529-info-disclosure(82611)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82611"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T14:33:03.850Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21640356"}, {"name": "IC90478", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC90478"}, {"name": "sterling-cve20130529-info-disclosure(82611)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82611"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-0529", "datePublished": "2013-06-21T14:00:00", "dateReserved": "2012-12-16T00:00:00", "dateUpdated": "2024-08-06T14:33:03.850Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3793D730-80A7-41D2-B802-FCACFAFC8AAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "21B52871-114C-4788-BB8F-36A0D07AB994", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E5A5F42A-41C7-4C10-8FF6-6097367E2399", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "568D3453-315F-4686-9ABA-653996BB437D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "CBB7D9F3-9CA6-4D87-9218-0A05EAE855A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2D4499E-3E98-46EB-815A-3F7768B102F0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "40BF04BE-977A-466C-9B39-987E44A3C0EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF778B2B-AC96-4D2E-BFDF-2C8BF15E13E0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."}, {"lang": "es", "value": "El Browser en IBM Sterling Connect:Direct v1.4 anterior a v1.4.0.11 y v1.5 hasta v1.5.0.1 no fija el flag secure para la cookie de sesi\u00f3n en una sesi\u00f3n https, lo que podr\u00eda permitir a atacantes remotos capturar esta cookie en una sesi\u00f3n HTTP."}], "id": "CVE-2013-0529", "lastModified": "2017-08-29T01:33:05.120", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-06-21T14:55:01.080", "references": [{"source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC90478"}, {"source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21640356"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82611"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}