CVE-2013-0527 - OpenCVE

The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not close pages upon the timeout of a session, which allows physically proximate attackers to obtain sensitive administrative-console information by reading the screen of an unattended workstation.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Ibm	Sterling Connect Direct User Interface

Configuration 1 [-]

OR	cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.4.0.0:::::::*
	cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.4.0.2:::::::*
	cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.4.0.3:::::::*
	cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.4.0.6:::::::*
	cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.4.0.7:::::::*
	cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.4.0.10:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.5.0.0:::::::*
	cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.5.0.1:::::::*

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg1IC90479	Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21640356	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/82609

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ibm

Published: 2013-06-21T14:00:00

Updated: 2017-08-28T12:57:01

Reserved: 2012-12-16T00:00:00

Link: CVE-2013-0527

JSON object: View

NVD Information

Status : Modified

Published: 2013-06-21T14:55:01.050

Modified: 2017-08-29T01:33:05.043

Link: CVE-2013-0527

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-06-13T00:00:00", "descriptions": [{"lang": "en", "value": "The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not close pages upon the timeout of a session, which allows physically proximate attackers to obtain sensitive administrative-console information by reading the screen of an unattended workstation."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21640356"}, {"name": "IC90479", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC90479"}, {"name": "sterling-cve20130527-info-disclosure(82609)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82609"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-0527", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not close pages upon the timeout of a session, which allows physically proximate attackers to obtain sensitive administrative-console information by reading the screen of an unattended workstation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21640356", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21640356"}, {"name": "IC90479", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC90479"}, {"name": "sterling-cve20130527-info-disclosure(82609)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82609"}]}}}}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-0527", "datePublished": "2013-06-21T14:00:00", "dateReserved": "2012-12-16T00:00:00", "dateUpdated": "2017-08-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3793D730-80A7-41D2-B802-FCACFAFC8AAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "21B52871-114C-4788-BB8F-36A0D07AB994", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E5A5F42A-41C7-4C10-8FF6-6097367E2399", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "568D3453-315F-4686-9ABA-653996BB437D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "CBB7D9F3-9CA6-4D87-9218-0A05EAE855A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2D4499E-3E98-46EB-815A-3F7768B102F0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "40BF04BE-977A-466C-9B39-987E44A3C0EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF778B2B-AC96-4D2E-BFDF-2C8BF15E13E0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not close pages upon the timeout of a session, which allows physically proximate attackers to obtain sensitive administrative-console information by reading the screen of an unattended workstation."}, {"lang": "es", "value": "El Browser en IBM Sterling Connect:Direct v1.4 anterior a v1.4.0.11 y v1.5 hasta v1.5.0.1 no cierras p\u00e1ginas tras el timeout de la sesi\u00f3n, lo que podr\u00eda permitir a atacantes f\u00edsicamente pr\u00f3ximos obtener informaci\u00f3n sensible de la consolad de administraci\u00f3n mediante la lectura de la pantalla."}], "id": "CVE-2013-0527", "lastModified": "2017-08-29T01:33:05.043", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-06-21T14:55:01.050", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC90479"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21640356"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82609"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}