Skip to main content

Sterling Connect Direct User Interface

3 CVEs product

Monthly

CVE-2021-20560 MEDIUM PATCH This Month

IBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and 1.5.0.2 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Sterling Connect Direct User Interface
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2013-0529 MEDIUM This Month

The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Sterling Connect Direct User Interface
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-0527 LOW Monitor

The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not close pages upon the timeout of a session, which allows physically proximate attackers to obtain. Rated low severity (CVSS 1.9). No vendor patch available.

Information Disclosure IBM Sterling Connect Direct User Interface
NVD
CVSS 2.0
1.9
EPSS
0.1%
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and 1.5.0.2 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Sterling Connect Direct User Interface
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Sterling Connect Direct User Interface
NVD
EPSS 0% CVSS 1.9
LOW Monitor

The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not close pages upon the timeout of a session, which allows physically proximate attackers to obtain. Rated low severity (CVSS 1.9). No vendor patch available.

Information Disclosure IBM Sterling Connect Direct User Interface
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy