IBM6D831C245DDBBA9EE74636319C42840E316B54C0243C988223167C9E0486D2B9Security Bulletin: Session management vulnerability affects IBM Sterling B2B Integrator (CVE-2017-1152)
0.001 Low
EPSS
Percentile
19.1%
Summary
IBM Sterling Global Integration On-Demand Environment does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system.
Vulnerability Details
CVEID: CVE-2017-1152**
DESCRIPTION:** IBM Sterling Global Integration On-Demand Environment does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/122293> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
Affected Products and Versions
IBM Sterling B2B Integrator 5.2
Remediation/Fixes
Product & Version
| Remediation/Fix
—|—
IBM Sterling B2B Integrator 5.2| For B2B API users,
1. Apply B2B Integrator fix pack 5020603_2 on Fix Central
2. After 5.2.6.3_1 installation, find b2biAPIs_1000603_2.jar inside Media_IM_5020603_2.zip under “packages” folder. Use InstallService.sh(cmd) to install b2biAPIs_1000603_2.jar.
For Health Check tool users,
1. Download healthCheck_1000303_2.jar on Fix Central
2. Use InstallService.sh (cmd)to install it.
Workarounds and Mitigations
None
Related
0.001 Low
EPSS
Percentile
19.1%