What is the vulnerability ID for IBM Sterling B2B Integrator Standard Edition?

The vulnerability ID for IBM Sterling B2B Integrator Standard Edition is CVE-2022-22371.

What is the severity of CVE-2022-22371?

CVE-2022-22371 has a severity rating of 6.5 (medium).

How does IBM Sterling B2B Integrator Standard Edition handle session invalidation after a password change?

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 does not invalidate session after a password change, allowing an authenticated user to impersonate another user on the system.

Which versions of IBM Sterling B2B Integrator Standard Edition are affected by CVE-2022-22371?

IBM Sterling B2B Integrator Standard Edition versions 6.0.0.0 through 6.1.2.1 are affected by CVE-2022-22371.

How can I fix the vulnerability in IBM Sterling B2B Integrator Standard Edition?

To fix the vulnerability in IBM Sterling B2B Integrator Standard Edition, upgrade to a version higher than 6.1.2.1.

Vulnerability/
CVE-2022-22371

medium

6.5

CWE

613

28/12/2022

4/1/2023

3/8/2024

CVE-2022-22371: IBM Sterling B2B Integrator Standard Edition session fixation

First published: Wed Dec 28 2022(Updated: )

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 221195.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Sterling B2B Integrator	>=6.0.0.0<=6.0.3.6
IBM Sterling B2B Integrator	>=6.1.0.0<=6.1.0.5
IBM Sterling B2B Integrator	>=6.1.1.0<=6.1.1.1
IBM Sterling B2B Integrator	=6.1.2.0
IBM AIX
Linux Linux kernel
Microsoft Windows
	<=6.0.0.0 - 6.0.3.6
	<=6.1.0.0 - 6.1.0.5, 6..1.1.0 - 6.1.1.1, 6.1.2.0

Remedy

https://www.ibm.com/support/pages/node/6852461

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6852461

Frequently Asked Questions

What is the vulnerability ID for IBM Sterling B2B Integrator Standard Edition?
The vulnerability ID for IBM Sterling B2B Integrator Standard Edition is CVE-2022-22371.
What is the severity of CVE-2022-22371?
CVE-2022-22371 has a severity rating of 6.5 (medium).
How does IBM Sterling B2B Integrator Standard Edition handle session invalidation after a password change?
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 does not invalidate session after a password change, allowing an authenticated user to impersonate another user on the system.
Which versions of IBM Sterling B2B Integrator Standard Edition are affected by CVE-2022-22371?
IBM Sterling B2B Integrator Standard Edition versions 6.0.0.0 through 6.1.2.1 are affected by CVE-2022-22371.
How can I fix the vulnerability in IBM Sterling B2B Integrator Standard Edition?
To fix the vulnerability in IBM Sterling B2B Integrator Standard Edition, upgrade to a version higher than 6.1.2.1.

collector/nvd-index
agent/references
agent/type
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/severity
agent/author
agent/weakness
agent/title
agent/remedy
agent/last-modified-date
agent/tags
agent/softwarecombine
agent/event
agent/description
collector/ibm-support
source/IBM
agent/software-canonical-lookup
vendor/ibm
canonical/ibm sterling b2b integrator
version/ibm sterling b2b integrator/6.0.0.0
version/ibm sterling b2b integrator/6.0.3.6
version/ibm sterling b2b integrator/6.1.0.0
version/ibm sterling b2b integrator/6.1.0.5
version/ibm sterling b2b integrator/6.1.1.0
version/ibm sterling b2b integrator/6.1.1.1
version/ibm sterling b2b integrator/6.1.2.0
canonical/ibm aix
vendor/linux
canonical/linux linux kernel
vendor/microsoft
canonical/microsoft windows
version/ibm sterling b2b integrator/6.0.0.0 - 6.0.3.6
version/ibm sterling b2b integrator/6.1.0.0 - 6.1.0.5, 6..1.1.0 - 6.1.1.1, 6.1.2.0