CVE-2017-1693
First published: Fri Jan 19 2018(Updated: )
IBM Integration Bus 9.0 and 10.0 could allow an attacker that has captured a valid session id to hijack another users session during a small timeframe before the session times out. IBM X-Force ID: 134164.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Integration Bus | =9.0.0.0 | |
| IBM Integration Bus | =9.0.0.1 | |
| IBM Integration Bus | =9.0.0.2 | |
| IBM Integration Bus | =9.0.0.3 | |
| IBM Integration Bus | =9.0.0.4 | |
| IBM Integration Bus | =9.0.0.5 | |
| IBM Integration Bus | =9.0.0.6 | |
| IBM Integration Bus | =9.0.0.7 | |
| IBM Integration Bus | =9.0.0.8 | |
| IBM Integration Bus | =10.0 | |
| IBM Integration Bus | =10.0.0.0 | |
| IBM Integration Bus | =10.0.0.1 | |
| IBM Integration Bus | =10.0.0.2 | |
| IBM Integration Bus | =10.0.0.3 | |
| IBM Integration Bus | =10.0.0.4 | |
| IBM Integration Bus | =10.0.0.5 | |
| IBM Integration Bus | =10.0.0.6 | |
| IBM Integration Bus | =10.0.0.7 | |
| IBM Integration Bus | =10.0.0.8 | |
| IBM Integration Bus | =10.0.0.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID of this vulnerability is CVE-2017-1693.
What is the severity of CVE-2017-1693?
The severity of CVE-2017-1693 is medium with a CVSS score of 5.6.
Which software versions are affected by CVE-2017-1693?
CVE-2017-1693 affects IBM Integration Bus versions 9.0.0.0 to 9.0.0.8, and version 10.0.0.0 to 10.0.0.9.
How does the vulnerability in IBM Integration Bus 9.0 and 10.0 work?
The vulnerability allows an attacker with a captured valid session ID to hijack another user's session during a short time frame before the session expires.
How can I fix CVE-2017-1693?
To fix CVE-2017-1693, IBM recommends applying the necessary security fixes provided by the vendor and ensuring timely session timeouts to minimize the risk of session hijacking.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/remedy
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/ibm
- canonical/ibm integration bus
- version/ibm integration bus/9.0.0.0
- version/ibm integration bus/9.0.0.1
- version/ibm integration bus/9.0.0.2
- version/ibm integration bus/9.0.0.3
- version/ibm integration bus/9.0.0.4
- version/ibm integration bus/9.0.0.5
- version/ibm integration bus/9.0.0.6
- version/ibm integration bus/9.0.0.7
- version/ibm integration bus/9.0.0.8
- version/ibm integration bus/10.0
- version/ibm integration bus/10.0.0.0
- version/ibm integration bus/10.0.0.1
- version/ibm integration bus/10.0.0.2
- version/ibm integration bus/10.0.0.3
- version/ibm integration bus/10.0.0.4
- version/ibm integration bus/10.0.0.5
- version/ibm integration bus/10.0.0.6
- version/ibm integration bus/10.0.0.7
- version/ibm integration bus/10.0.0.8
- version/ibm integration bus/10.0.0.9