Lucene search
HistoryJul 03, 2013 - 1:54 p.m.
CVE-2012-5936
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.3
Confidence
Low
EPSS
0.002
Percentile
57.6%
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 do not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
Affected configurations
Node
ibmsterling_b2b_integratorMatch5.1
ORibmsterling_b2b_integratorMatch5.2
ORibmsterling_file_gatewayMatch2.1
ORibmsterling_file_gatewayMatch2.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | sterling_b2b_integrator | 5.1 | cpe:2.3:a:ibm:sterling_b2b_integrator:5.1:*:*:*:*:*:*:* |
| ibm | sterling_b2b_integrator | 5.2 | cpe:2.3:a:ibm:sterling_b2b_integrator:5.2:*:*:*:*:*:*:* |
| ibm | sterling_file_gateway | 2.1 | cpe:2.3:a:ibm:sterling_file_gateway:2.1:*:*:*:*:*:*:* |
| ibm | sterling_file_gateway | 2.2 | cpe:2.3:a:ibm:sterling_file_gateway:2.2:*:*:*:*:*:*:* |
Related
prion
prion
Session fixation
2013-07-03 13:54:00
cvelist
cvelist
CVE-2012-5936
2013-07-03 10:00:00
cve
cve
CVE-2012-5936
2013-07-03 13:54:30
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.3
Confidence
Low
EPSS
0.002
Percentile
57.6%
Related for NVD:CVE-2012-5936