Session Hijacking in IBM Integration Bus by IBM
CVE-2017-1693
5.6 MEDIUM
Summary
A session hijacking vulnerability exists in IBM Integration Bus versions 9.0 and 10.0. An attacker who has obtained a valid session ID can take control of another user's session for a brief period before the session expires. If successful, this attack could lead to unauthorized access to sensitive information and operations within the integration environment. Immediate remediation is recommended to mitigate potential risks associated with this vulnerability.
Affected Version(s)
Integration Bus 9.0
Integration Bus 10.0
References
CVSS V3.1
Score: 5.6
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved