IBM Integration Bus 9.0 and 10.0 could allow an attacker who has captured a valid session ID to hijack another user's session during a small timeframe before the session times out. IBM X-Force ID: 134164.
According to WASC, “Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.”
Name | Vendor | Start Version | End Version |
---|---|---|---|
Integration_bus | Ibm | 9.0.0.0 (including) | 9.0.0.0 (including) |
Integration_bus | Ibm | 9.0.0.1 (including) | 9.0.0.1 (including) |
Integration_bus | Ibm | 9.0.0.2 (including) | 9.0.0.2 (including) |
Integration_bus | Ibm | 9.0.0.3 (including) | 9.0.0.3 (including) |
Integration_bus | Ibm | 9.0.0.4 (including) | 9.0.0.4 (including) |
Integration_bus | Ibm | 9.0.0.5 (including) | 9.0.0.5 (including) |
Integration_bus | Ibm | 9.0.0.6 (including) | 9.0.0.6 (including) |
Integration_bus | Ibm | 9.0.0.7 (including) | 9.0.0.7 (including) |
Integration_bus | Ibm | 9.0.0.8 (including) | 9.0.0.8 (including) |
Integration_bus | Ibm | 10.0 (including) | 10.0 (including) |
Integration_bus | Ibm | 10.0.0.0 (including) | 10.0.0.0 (including) |
Integration_bus | Ibm | 10.0.0.1 (including) | 10.0.0.1 (including) |
Integration_bus | Ibm | 10.0.0.2 (including) | 10.0.0.2 (including) |
Integration_bus | Ibm | 10.0.0.3 (including) | 10.0.0.3 (including) |
Integration_bus | Ibm | 10.0.0.4 (including) | 10.0.0.4 (including) |
Integration_bus | Ibm | 10.0.0.5 (including) | 10.0.0.5 (including) |
Integration_bus | Ibm | 10.0.0.6 (including) | 10.0.0.6 (including) |
Integration_bus | Ibm | 10.0.0.7 (including) | 10.0.0.7 (including) |
Integration_bus | Ibm | 10.0.0.8 (including) | 10.0.0.8 (including) |
Integration_bus | Ibm | 10.0.0.9 (including) | 10.0.0.9 (including) |