Lucene search

[email protected]NVD:CVE-2013-6237

HistoryDec 10, 2013 - 4:55 p.m.

CVE-2013-6237

2013-12-1016:55:25

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

AI Score

Confidence

Low

EPSS

0.004

Percentile

74.1%

JSON

The ISL Desktop plugin for Windows before 1.4.7 for ISL Light 3.5.4 and earlier allows remote authenticated users to obtain sensitive information by pasting the clipboard contents that have been copied by another user in the session.

Affected configurations

Nvd

Node

islonlineisl_desktop_pluginRange≤1.4.3--windowsisl_light

islonlineisl_desktop_pluginMatch1.3.3--windowsisl_light

islonlineisl_desktop_pluginMatch1.4.1--windowsisl_light

islonlineisl_desktop_pluginMatch1.4.2--windowsisl_light

AND

islonlineisl_lightRange≤3.5.4

VendorProductVersionCPE
islonlineisl_desktop_plugin*cpe:2.3:a:islonline:isl_desktop_plugin:*:-:-:*:windows:isl_light:*:*
islonlineisl_desktop_plugin1.3.3cpe:2.3:a:islonline:isl_desktop_plugin:1.3.3:-:-:*:windows:isl_light:*:*
islonlineisl_desktop_plugin1.4.1cpe:2.3:a:islonline:isl_desktop_plugin:1.4.1:-:-:*:windows:isl_light:*:*
islonlineisl_desktop_plugin1.4.2cpe:2.3:a:islonline:isl_desktop_plugin:1.4.2:-:-:*:windows:isl_light:*:*
islonlineisl_light*cpe:2.3:a:islonline:isl_light:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
islonline	isl_desktop_plugin	*	cpe:2.3:a:islonline:isl_desktop_plugin::-:-::windows:isl_light::
islonline	isl_desktop_plugin	1.3.3	cpe:2.3:a:islonline:isl_desktop_plugin:1.3.3:-:-::windows:isl_light::*
islonline	isl_desktop_plugin	1.4.1	cpe:2.3:a:islonline:isl_desktop_plugin:1.4.1:-:-::windows:isl_light::*
islonline	isl_desktop_plugin	1.4.2	cpe:2.3:a:islonline:isl_desktop_plugin:1.4.2:-:-::windows:isl_light::*
islonline	isl_light	*	cpe:2.3:a:islonline:isl_light::::::::

References

osvdb.org/100512

packetstormsecurity.com/files/124274/ISL-Light-Desktop-3.5.4-Information-Disclosure.html

seclists.org/fulldisclosure/2013/Dec/14

www.islonline.com/help/isl-releases-info/any/manual/?2013-11-29-rel-info-isl-light-desktop-plugin-1-4-7-win.htm

www.securityfocus.com/bid/64050

exchange.xforce.ibmcloud.com/vulnerabilities/89399

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

AI Score

Confidence

Low

EPSS

0.004

Percentile

74.1%

JSON

Related for NVD:CVE-2013-6237

cve1 packetstorm1 prion1 cvelist1