Vulnerabilities > CVE-2017-1693 - Insufficient Session Expiration vulnerability in IBM Integration BUS
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
LOW Integrity impact
LOW Availability impact
LOW Summary
IBM Integration Bus 9.0 and 10.0 could allow an attacker that has captured a valid session id to hijack another users session during a small timeframe before the session times out. IBM X-Force ID: 134164.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- http://www.ibm.com/support/docview.wss?uid=swg22012642
- http://www.ibm.com/support/docview.wss?uid=swg22012642
- http://www.securityfocus.com/bid/102760
- http://www.securityfocus.com/bid/102760
- https://exchange.xforce.ibmcloud.com/vulnerabilities/134164
- https://exchange.xforce.ibmcloud.com/vulnerabilities/134164