Details of VAR-201307-0298

ID

VAR-201307-0298

CVE

CVE-2013-0539

TITLE

IBM Sterling B2B Integrator and Sterling File Gateway Vulnerable to session hijacking

Trust: 0.8

sources: JVNDB: JVNDB-2013-003200

DESCRIPTION

An unspecified third-party component in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 uses short session ID values, which makes it easier for remote attackers to hijack sessions, and consequently obtain sensitive information, via a brute-force attack. IBM Sterling B2B Integrator and IBM Sterling File Gateway is prone to a session-hijacking vulnerability. An attacker can exploit this issue to gain unauthorized access to the affected application. The following products are vulnerable: IBM Sterling B2B Integrator 5.2 and 5.1 IBM Sterling File Gateway 2.2 and 2.1. IBM Sterling File Gateway is a set of file transfer software that integrates different file transfer methods and can realize secure interaction through the network

Trust: 1.98

sources: NVD: CVE-2013-0539 // JVNDB: JVNDB-2013-003200 // BID: 60988 // VULHUB: VHN-60541

AFFECTED PRODUCTS

vendor:	ibm	model:	sterling file gateway	scope:	eq	version:	2.2	Trust: 2.7
vendor:	ibm	model:	sterling file gateway	scope:	eq	version:	2.1	Trust: 2.7
vendor:	ibm	model:	sterling b2b integrator	scope:	eq	version:	5.2	Trust: 2.7
vendor:	ibm	model:	sterling b2b integrator	scope:	eq	version:	5.1	Trust: 2.7

sources: BID: 60988 // JVNDB: JVNDB-2013-003200 // CNNVD: CNNVD-201307-054 // NVD: CVE-2013-0539

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-0539
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-0539
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201307-054
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-60541
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-0539
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-60541
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-60541 // JVNDB: JVNDB-2013-003200 // CNNVD: CNNVD-201307-054 // NVD: CVE-2013-0539

PROBLEMTYPE DATA

problemtype:

CWE-255

Trust: 1.9

sources: VULHUB: VHN-60541 // JVNDB: JVNDB-2013-003200 // NVD: CVE-2013-0539

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-054

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201307-054

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003200

PATCH

title:	IC92007	url:	http://www-01.ibm.com/support/docview.wss?uid=swg1IC92007	Trust: 0.8
title:	1640830	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21640830	Trust: 0.8

sources: JVNDB: JVNDB-2013-003200

EXTERNAL IDS

db:	NVD	id:	CVE-2013-0539	Trust: 2.8
db:	JVNDB	id:	JVNDB-2013-003200	Trust: 0.8
db:	CNNVD	id:	CNNVD-201307-054	Trust: 0.7
db:	XF	id:	82916	Trust: 0.6
db:	XF	id:	2	Trust: 0.6
db:	AIXAPAR	id:	IC92007	Trust: 0.6
db:	BID	id:	60988	Trust: 0.4
db:	VULHUB	id:	VHN-60541	Trust: 0.1

sources: VULHUB: VHN-60541 // BID: 60988 // JVNDB: JVNDB-2013-003200 // CNNVD: CNNVD-201307-054 // NVD: CVE-2013-0539

REFERENCES

url:	http://www-01.ibm.com/support/docview.wss?uid=swg1ic92007	Trust: 2.0
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21640830	Trust: 2.0
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/82916	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0539	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0539	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/82916	Trust: 0.6
url:	http://www.ibm.com/	Trust: 0.3

sources: VULHUB: VHN-60541 // BID: 60988 // JVNDB: JVNDB-2013-003200 // CNNVD: CNNVD-201307-054 // NVD: CVE-2013-0539

CREDITS

IBM

Trust: 0.3

sources: BID: 60988

SOURCES

db:	VULHUB	id:	VHN-60541
db:	BID	id:	60988
db:	JVNDB	id:	JVNDB-2013-003200
db:	CNNVD	id:	CNNVD-201307-054
db:	NVD	id:	CVE-2013-0539

LAST UPDATE DATE

2024-08-14T12:49:25.062000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-60541	date:	2017-08-29T00:00:00
db:	BID	id:	60988	date:	2013-06-30T00:00:00
db:	JVNDB	id:	JVNDB-2013-003200	date:	2013-07-04T00:00:00
db:	CNNVD	id:	CNNVD-201307-054	date:	2013-07-04T00:00:00
db:	NVD	id:	CVE-2013-0539	date:	2017-08-29T01:33:05.697

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-60541	date:	2013-07-03T00:00:00
db:	BID	id:	60988	date:	2013-06-30T00:00:00
db:	JVNDB	id:	JVNDB-2013-003200	date:	2013-07-04T00:00:00
db:	CNNVD	id:	CNNVD-201307-054	date:	2013-07-04T00:00:00
db:	NVD	id:	CVE-2013-0539	date:	2013-07-03T13:54:31.030