CVE-2017-1693: Insufficient Session Expiration in IBM Integration Bus

Severity
5.6 MEDIUM (NVD)
EPSS
0.3%
top 47.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 19
Latest update: May 14

Description

IBM Integration Bus 9.0 and 10.0 could allow an attacker who has captured a valid session ID to hijack another user's session during a small timeframe before the session times out. IBM X-Force ID: 134164.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Exploitability: 2.2 | Impact: 3.4

Affected Packages (2 packages)

CVEListV5: ibm/integration_bus 10.0, 9.0 (+1)
NVD: ibm/integration_bus, 20 versions (+19)

🔴 Vulnerability Details (2)

GHSA
GHSA-vgvj-f6vf-5394: IBM Integration Bus 9 (2022-05-14)
CVEList
CVE-2017-1693: IBM Integration Bus 9 (2018-01-19)

💥 Exploits & PoCs (1)

Exploit-DB
Linux Kernel (Ubuntu 17.04) - 'XFRM' Local Privilege Escalation (2017-11-23)