CVE-2012-5936

Published: Jul 3, 2013Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 do not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

Affected (4)

Products: Ibm: Sterling B2b Integrator, Sterling File Gateway

2 products

Sterling B2b Integrator

Sterling File Gateway

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Ibm Sterling B2b Integrator	Version 5.1
Ibm Sterling B2b Integrator	Version 5.2
Ibm Sterling File Gateway	Version 2.1
Ibm Sterling File Gateway	Version 2.2

Related CWEs

References (6)

http://www-01.ibm.com/support/docview.wss?uid=swg21627985

Source: psirt@us.ibm.com

Vendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21640830

Source: psirt@us.ibm.com

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/80401

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg21627985

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21640830

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/80401

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.