Security Bulletin: IBM Integration Bus is affected by WebAdmin Session Timeout vulnerability (CVE-2017-1693)

Summary

IBM Integration Bus has addressed the following vulnerability

Vulnerability Details

CVEID: CVE-2017-1693**
DESCRIPTION:** IBM Integration Bus could allow an attacker that has captured a valid session id to highjack another users session during a small timeframe before the session times out.
CVSS Base Score: 5.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/134164 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

IBM Integration Bus V9.0.0.0 - V9.0.0.8

IBM Integration Bus V10.0.0.0 - V10.0.0.9

Remediation/Fixes

Product

| VRMF|APAR|Remediation/Fix
—|—|—|—
IBM Integration Bus| V9.0.0.9| APAR IT21158 | The APAR is available in fix pack 9.0.0.9
<http://www-01.ibm.com/support/docview.wss?uid=swg24043947&gt;
IBM Integration Bus| V10.0.10| APAR IT21158| The APAR is available in fix pack 10.0.0.10
<http://www-01.ibm.com/support/docview.wss?uid=swg24043943&gt;