The Browser in IBM Sterling Connect:Direct 1.4 prior to 1.4.0.11 and 1.5 up to and including 1.5.0.1 does not close pages upon the timeout of a session, which allows physically proximate malicious users to obtain sensitive administrative-console information by reading the screen of an unattended workstation.
Vulnerable Product |
---|
ibm sterling connect direct user interface 1.4.0.0 |
ibm sterling connect direct user interface 1.4.0.2 |
ibm sterling connect direct user interface 1.4.0.7 |
ibm sterling connect direct user interface 1.4.0.10 |
ibm sterling connect direct user interface 1.4.0.3 |
ibm sterling connect direct user interface 1.4.0.6 |
ibm sterling connect direct user interface 1.5.0.0 |
ibm sterling connect direct user interface 1.5.0.1 |