Details of VAR-201307-0004

ID

VAR-201307-0004

CVE

CVE-2012-5936

TITLE

IBM Sterling B2B Integrator and Sterling File Gateway In Cookie Vulnerability that is captured

Trust: 0.8

sources: JVNDB: JVNDB-2013-003192

DESCRIPTION

IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 do not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. IBM Sterling B2B Integrator is prone to a remote information-disclosure vulnerability. Successful exploits will allow attackers to obtain sensitive information. This may aid in further attacks. IBM Sterling B2B Integrator 5.1 is vulnerable; other versions may also be affected. IBM Sterling File Gateway is a set of file transfer software that integrates different file transfer methods and can realize secure interaction through the network. The vulnerability stems from the fact that the program creates session cookies in https sessions without setting security attributes

Trust: 2.25

sources: NVD: CVE-2012-5936 // JVNDB: JVNDB-2013-003192 // BID: 58502 // BID: 78073 // VULHUB: VHN-59217

AFFECTED PRODUCTS

vendor:	ibm	model:	sterling b2b integrator	scope:	eq	version:	5.1	Trust: 3.0
vendor:	ibm	model:	sterling file gateway	scope:	eq	version:	2.2	Trust: 2.7
vendor:	ibm	model:	sterling file gateway	scope:	eq	version:	2.1	Trust: 2.7
vendor:	ibm	model:	sterling b2b integrator	scope:	eq	version:	5.2	Trust: 2.7

sources: BID: 58502 // BID: 78073 // JVNDB: JVNDB-2013-003192 // CNNVD: CNNVD-201303-370 // NVD: CVE-2012-5936

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-5936
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-5936
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201303-370
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-59217
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-5936
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-59217
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-59217 // JVNDB: JVNDB-2013-003192 // CNNVD: CNNVD-201303-370 // NVD: CVE-2012-5936

PROBLEMTYPE DATA

problemtype:

CWE-310

Trust: 1.9

sources: VULHUB: VHN-59217 // JVNDB: JVNDB-2013-003192 // NVD: CVE-2012-5936

THREAT TYPE

network

Trust: 0.6

sources: BID: 58502 // BID: 78073

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201303-370

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003192

PATCH

title:	1640830	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21640830	Trust: 0.8
title:	1627985	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21627985	Trust: 0.8
title:	si_52_build_5020401_hotfix_3	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=46369	Trust: 0.6

sources: JVNDB: JVNDB-2013-003192 // CNNVD: CNNVD-201303-370

EXTERNAL IDS

db:	NVD	id:	CVE-2012-5936	Trust: 3.1
db:	BID	id:	58502	Trust: 1.0
db:	XF	id:	80401	Trust: 0.9
db:	JVNDB	id:	JVNDB-2013-003192	Trust: 0.8
db:	CNNVD	id:	CNNVD-201303-370	Trust: 0.7
db:	XF	id:	2	Trust: 0.6
db:	BID	id:	78073	Trust: 0.4
db:	VULHUB	id:	VHN-59217	Trust: 0.1

sources: VULHUB: VHN-59217 // BID: 58502 // BID: 78073 // JVNDB: JVNDB-2013-003192 // CNNVD: CNNVD-201303-370 // NVD: CVE-2012-5936

REFERENCES

url:	http://www-01.ibm.com/support/docview.wss?uid=swg21627985	Trust: 2.0
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21640830	Trust: 2.0
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/80401	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/80401	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5936	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-5936	Trust: 0.8
url:	http://www.securityfocus.com/bid/58502	Trust: 0.6
url:	http://www-01.ibm.com/software/commerce/b2b/products/b2b-integrator/	Trust: 0.3
url:	https://www-304.ibm.com/support/docview.wss?uid=swg21627985	Trust: 0.3

sources: VULHUB: VHN-59217 // BID: 58502 // BID: 78073 // JVNDB: JVNDB-2013-003192 // CNNVD: CNNVD-201303-370 // NVD: CVE-2012-5936

CREDITS

IBM

Trust: 0.9

sources: BID: 58502 // CNNVD: CNNVD-201303-370

SOURCES

db:	VULHUB	id:	VHN-59217
db:	BID	id:	58502
db:	BID	id:	78073
db:	JVNDB	id:	JVNDB-2013-003192
db:	CNNVD	id:	CNNVD-201303-370
db:	NVD	id:	CVE-2012-5936

LAST UPDATE DATE

2024-08-14T12:07:50.743000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-59217	date:	2017-08-29T00:00:00
db:	BID	id:	58502	date:	2013-03-11T00:00:00
db:	BID	id:	78073	date:	2013-07-03T00:00:00
db:	JVNDB	id:	JVNDB-2013-003192	date:	2013-07-04T00:00:00
db:	CNNVD	id:	CNNVD-201303-370	date:	2013-07-04T00:00:00
db:	NVD	id:	CVE-2012-5936	date:	2017-08-29T01:32:51.997

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-59217	date:	2013-07-03T00:00:00
db:	BID	id:	58502	date:	2013-03-11T00:00:00
db:	BID	id:	78073	date:	2013-07-03T00:00:00
db:	JVNDB	id:	JVNDB-2013-003192	date:	2013-07-04T00:00:00
db:	CNNVD	id:	CNNVD-201303-370	date:	2013-03-19T00:00:00
db:	NVD	id:	CVE-2012-5936	date:	2013-07-03T13:54:30.937