IBM Sterling B2B Integrator Vulnerability: Unsecured Authorization Tokens and Session Cookies
CVE-2023-42016

4.3 MEDIUM

Key Information:

Vendor
IBM
CVE Published:
9 February 2024

Summary

IBM Sterling B2B Integrator does not set the Secure attribute on authorization tokens and session cookies. Because the attribute is missing, the browser will also send these cookies over unencrypted connections. An attacker can exploit this with a crafted HTTP link: when a user clicks the link or visits a malicious site that contains it, the cookies are relayed over the insecure connection, where the attacker can snoop on the traffic and capture their values. Captured values can then be used for unauthorized access. The flaw underlines the importance of protecting sensitive session data against interception.
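A check for the condition described above, as an added example that is not IBM's code or part of the original advisory: it scans HTTP response headers and lists every cookie set without the Secure attribute. The cookie names and header values are constructed for illustration and are not taken from the product.

```python
"""Flag Set-Cookie headers that lack the Secure attribute (RFC 6265)."""


def parse_set_cookie(value):
    """Return (cookie_name, set of lowercased attribute names)."""
    parts = value.split(";")
    # The first name=value pair is the cookie itself, never an attribute.
    name = parts[0].split("=", 1)[0].strip()
    attrs = set()
    for part in parts[1:]:
        # Only the attribute name matters: "Secure=1" still sets the flag.
        attr_name = part.split("=", 1)[0].strip().lower()
        if attr_name:
            attrs.add(attr_name)
    return name, attrs


def cookies_missing_secure(raw_headers):
    """Return names of cookies set without Secure, in header order."""
    missing = []
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        # Header field names are case-insensitive.
        if not sep or field.strip().lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if name and "secure" not in attrs:
            missing.append(name)
    return missing


# Constructed sample response headers; names and values are made up.
SAMPLE_HEADERS = """\
HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: session_example=9f2c1a; Path=/; HttpOnly
set-cookie: authtoken_example=secure; Path=/app
Set-Cookie: prefs_example=dark; Path=/; SECURE; SameSite=Lax
Set-Cookie: csrf_example=ab12; Secure=1; HttpOnly
"""

if __name__ == "__main__":
    for cookie in cookies_missing_secure(SAMPLE_HEADERS):
        print(f"missing Secure: {cookie}")
```

The second sample cookie is flagged even though its value is the string "secure", because only attributes after the first name=value pair count.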

Affected Version(s)

Sterling B2B Integrator 6.0.0.0 through 6.0.3.8

Sterling B2B Integrator 6.1.0.0 through 6.1.2.3

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
