Session Hijacking in IBM Integration Bus by IBM
CVE-2017-1693

5.6 MEDIUM

Key Information:

Vendor: IBM
CVE Published: 19 January 2018

Summary

A session hijacking vulnerability exists in IBM Integration Bus versions 9.0 and 10.0. An attacker who has obtained a valid session ID can take control of another user's session for a brief period before the session expires. A successful attack could lead to unauthorized access to sensitive information and operations within the integration environment. Immediate remediation is recommended to mitigate the risks associated with this vulnerability.

Affected Version(s)

Integration Bus 9.0

Integration Bus 10.0

CVSS V3.1

Score: 5.6
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
