IBM Integration Bus has addressed the following vulnerability:
CVEID: CVE-2017-1693
DESCRIPTION: IBM Integration Bus could allow an attacker who has captured a valid session ID to hijack another user's session during a small timeframe before the session times out.
CVSS Base Score: 5.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/134164 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
IBM Integration Bus V9.0.0.0 - V9.0.0.8
IBM Integration Bus V10.0.0.0 - V10.0.0.9
Product | VRMF | APAR | Remediation/Fix
---|---|---|---
IBM Integration Bus | V9.0.0.9 | APAR IT21158 | The APAR is available in fix pack 9.0.0.9 <http://www-01.ibm.com/support/docview.wss?uid=swg24043947>
IBM Integration Bus | V10.0.10 | APAR IT21158 | The APAR is available in fix pack 10.0.0.10 <http://www-01.ibm.com/support/docview.wss?uid=swg24043943>
CPE

Name | Operator | Version
---|---|---
ibm integration bus | eq | 10.0
ibm integration bus | eq | 9.0