CVE-2013-0539 — IBM Sterling B2B Integrator vulnerability

CWE-2553 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.3%

top 48.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Sterling B2B Integrator IBM Sterling File Gateway

Timeline

PublishedJul 3

Latest updateMay 5

Description

An unspecified third-party component in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 uses short session ID values, which makes it easier for remote attackers to hijack sessions, and consequently obtain sensitive information, via a brute-force attack.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDibm/sterling_file_gateway2.1, 2.2+1

▶NVDibm/sterling_b2b_integrator5.1, 5.2+1

🔴Vulnerability Details

GHSA

GHSA-v34v-q8qc-mhqp: An unspecified third-party component in IBM Sterling B2B Integrator 5↗2022-05-05

▶

CVEList

CVE-2013-0539: An unspecified third-party component in IBM Sterling B2B Integrator 5↗2013-07-03

▶