| Vulnerability Name: | CVE-2012-5936 (CCN-80401) | ||||||||
| Assigned: | 2012-11-21 | ||||||||
| Published: | 2013-03-11 | ||||||||
| Updated: | 2017-08-29 | ||||||||
| Summary: | IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 do not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-310 | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: MITRE Type: CNA CVE-2012-5936 Source: CCN Type: IBM Security Bulletin 1627985 IBM Sterling B2B Integrator's session or sensitive cookies do not have the secure attribute enabled (CVE-2012-5936) Source: CONFIRM Type: Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21627985 Source: CONFIRM Type: Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21640830 Source: XF Type: UNKNOWN sterling-b2b-cookie-disclosure(80401) Source: XF Type: UNKNOWN sterling-b2b-cookie-disclosure(80401) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||