Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
IBM Sterling Connect:Direct 浏览器安全漏洞
Vulnerability Description
IBM Sterling Connect:Direct是美国IBM公司的一套点到点文件传输软件。该软件用于实现企业内和企业间的大容量、安全可靠的文件交付。 IBM Sterling Connect:Direct 1.4.0.11之前的1.4版本和1.5至1.5.0.1版本中的浏览器中存在漏洞,该漏洞源于程序对https会话中的会话cookie没有设置安全标志。远程攻击者可通过在HTTP会话拦截其传输利用该漏洞捕获cookie。
CVSS Information
N/A
Vulnerability Type
N/A