Описание
An unspecified third-party component in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 uses short session ID values, which makes it easier for remote attackers to hijack sessions, and consequently obtain sensitive information, via a brute-force attack.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:sterling_b2b_integrator:5.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_b2b_integrator:5.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_file_gateway:2.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_file_gateway:2.2:*:*:*:*:*:*:*
EPSS
Процентиль: 51%
0.00275
Низкий
5 Medium
CVSS2
Дефекты
CWE-255
Связанные уязвимости
github
почти 4 года назад
An unspecified third-party component in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 uses short session ID values, which makes it easier for remote attackers to hijack sessions, and consequently obtain sensitive information, via a brute-force attack.
EPSS
Процентиль: 51%
0.00275
Низкий
5 Medium
CVSS2
Дефекты
CWE-255