An unspecified third-party component in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 uses short session ID values, which makes it easier for remote attackers to hijack sessions, and consequently obtain sensitive information, via a brute-force attack.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Sterling_b2b_integrator | Ibm | 5.1 (including) | 5.1 (including) |
| Sterling_b2b_integrator | Ibm | 5.2 (including) | 5.2 (including) |
| Sterling_file_gateway | Ibm | 2.1 (including) | 2.1 (including) |
| Sterling_file_gateway | Ibm | 2.2 (including) | 2.2 (including) |
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC92007
- http://www-01.ibm.com/support/docview.wss?uid=swg21640830
- https://exchange.xforce.ibmcloud.com/vulnerabilities/82916
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC92007
- http://www-01.ibm.com/support/docview.wss?uid=swg21640830
- https://exchange.xforce.ibmcloud.com/vulnerabilities/82916