First published: Fri Jan 19 2018(Updated: )
IBM Integration Bus 9.0 and 10.0 could allow an attacker that has captured a valid session id to hijack another users session during a small timeframe before the session times out. IBM X-Force ID: 134164.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Integration Bus | =9.0.0.0 | |
IBM Integration Bus | =9.0.0.1 | |
IBM Integration Bus | =9.0.0.2 | |
IBM Integration Bus | =9.0.0.3 | |
IBM Integration Bus | =9.0.0.4 | |
IBM Integration Bus | =9.0.0.5 | |
IBM Integration Bus | =9.0.0.6 | |
IBM Integration Bus | =9.0.0.7 | |
IBM Integration Bus | =9.0.0.8 | |
IBM Integration Bus | =10.0 | |
IBM Integration Bus | =10.0.0.0 | |
IBM Integration Bus | =10.0.0.1 | |
IBM Integration Bus | =10.0.0.2 | |
IBM Integration Bus | =10.0.0.3 | |
IBM Integration Bus | =10.0.0.4 | |
IBM Integration Bus | =10.0.0.5 | |
IBM Integration Bus | =10.0.0.6 | |
IBM Integration Bus | =10.0.0.7 | |
IBM Integration Bus | =10.0.0.8 | |
IBM Integration Bus | =10.0.0.9 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of this vulnerability is CVE-2017-1693.
The severity of CVE-2017-1693 is medium with a CVSS score of 5.6.
CVE-2017-1693 affects IBM Integration Bus versions 9.0.0.0 to 9.0.0.8, and version 10.0.0.0 to 10.0.0.9.
The vulnerability allows an attacker with a captured valid session ID to hijack another user's session during a short time frame before the session expires.
To fix CVE-2017-1693, IBM recommends applying the necessary security fixes provided by the vendor and ensuring timely session timeouts to minimize the risk of session hijacking.