China National Vulnerability Database (CNVD): CNVD-2023-05237
Jan 11, 2023 - 12:00 a.m.

IBM Sterling B2B Integrator session fixation vulnerability

2023-01-11 00:00:00
www.cnvd.org.cn
ibm sterling b2b integrator
session fixation
vulnerability
authentication
password change
exploitation
system

EPSS: 0.0005 (Low), percentile 18.2%

IBM Sterling B2B Integrator is a suite of software from International Business Machines (IBM) that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with different partner communities. IBM Sterling B2B Integrator Standard Edition versions 6.0.0.0 through 6.1.2.1 contain a session fixation vulnerability that stems from a password change that does not invalidate the session. The vulnerability can be exploited by an authenticated attacker to impersonate another user on the system.
