CVE-2012-5936

{"id": "CVE-2012-5936", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-07-03T13:54:30.937", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21627985", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21640830", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80401", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21627985", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21640830", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80401", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 do not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."}, {"lang": "es", "value": "IBM Sterling B2B Integrator v5.1 y v5.2 y Sterling File Gateway v2.1 y v2.2 no configura la bandera de seguridad para la sesi\u00f3n de cookie en una sesi\u00f3n https, lo que hace m\u00e1s f\u00e1cil a atacantes remotos capturar esas cookies interceptando esas transmisiones dentro de una sesi\u00f3n http."}], "lastModified": "2024-11-21T01:45:33.177", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40363692-5283-4D0C-BAE1-C049C02A0294"}, {"criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F805BA3A-178D-416E-9DED-4258F71A17C8"}, {"criteria": "cpe:2.3:a:ibm:sterling_file_gateway:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A40AC14-AC2B-4A0D-A9CC-3A00B48D8975"}, {"criteria": "cpe:2.3:a:ibm:sterling_file_gateway:2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1554D69E-D68E-46CA-B1F7-C24CAABF58E8"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}