cvelistv5 - cve-2017-1693

CVE-2017-1693 (GCVE-0-2017-1693)

Vulnerability from cvelistv5 – Published: 2018-01-19 14:00 – Updated: 2024-09-16 18:38

Summary

IBM Integration Bus 9.0 and 10.0 could allow an attacker that has captured a valid session id to hijack another users session during a small timeframe before the session times out. IBM X-Force ID: 134164.

Severity ?

No CVSS data available.

CWE

Gain Access

Assigner

ibm

References

URL

Tags

	http://www.ibm.com/support/docview.wss?uid=swg22012642	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/102760	vdb-entryx_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	IBM	Integration Bus	Affected: 9.0 Affected: 10.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:39:31.879Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22012642"
          },
          {
            "name": "102760",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102760"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134164"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Integration Bus",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.0"
            },
            {
              "status": "affected",
              "version": "10.0"
            }
          ]
        }
      ],
      "datePublic": "2018-01-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Integration Bus 9.0 and 10.0 could allow an attacker that has captured a valid session id to hijack another users session during a small timeframe before the session times out. IBM X-Force ID: 134164."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-23T10:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22012642"
        },
        {
          "name": "102760",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102760"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134164"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-01-17T00:00:00",
          "ID": "CVE-2017-1693",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Integration Bus",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.0"
                          },
                          {
                            "version_value": "10.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Integration Bus 9.0 and 10.0 could allow an attacker that has captured a valid session id to hijack another users session during a small timeframe before the session times out. IBM X-Force ID: 134164."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22012642",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22012642"
            },
            {
              "name": "102760",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102760"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134164",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134164"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1693",
    "datePublished": "2018-01-19T14:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T18:38:40.340Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:integration_bus:9.0.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D627B445-2980-4AC2-B674-CA4C472AB214\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:integration_bus:9.0.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"725E3F95-4096-497D-8F2A-02C185ACF8CB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:integration_bus:9.0.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ACB80DEF-E09A-4B51-96B8-75F0AD9C6499\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:integration_bus:9.0.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"576FE339-BD08-4994-B31A-15BC521650E7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:integration_bus:9.0.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"371E03D4-BDD9-40A8-B24B-43C320C9F3E5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:integration_bus:9.0.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C319D81D-E66B-47E6-A731-D5074314B94B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:integration_bus:9.0.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B3A6D9A8-9196-4358-B2ED-BD103AB237F8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:integration_bus:9.0.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"408B31F1-F945-4CEB-B6D4-2666A6B8B2C6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:integration_bus:9.0.0.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"16DF80F1-4163-46E0-A304-BD01C11EA658\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:integration_bus:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"92E6A5C9-29C2-458D-AA67-E74945E2012F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:integration_bus:10.0.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F96E7A0A-47BD-42EC-A66C-E1F64AD6CA55\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:integration_bus:10.0.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6309A833-9490-494A-BE3A-BA79133BD6E7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:integration_bus:10.0.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"50810A19-BEDC-4DF6-BA82-DAA1F96D5400\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:integration_bus:10.0.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97486673-4740-4F4F-8956-73C06B477096\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:integration_bus:10.0.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"79E917E9-DE5E-482A-9A20-823DF475BE66\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:integration_bus:10.0.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC25F42C-82EC-44EE-94AC-E85F428460D2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:integration_bus:10.0.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA2BBC72-E5AD-4FAD-8F72-264794847D96\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:integration_bus:10.0.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B3797766-D2E5-4645-A793-ABA12A10CF10\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:integration_bus:10.0.0.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1486EFCC-5D66-4172-9D57-55AB25C77B7D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:integration_bus:10.0.0.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3770768C-96D0-4D8E-8AB5-0347DBE01AF4\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"IBM Integration Bus 9.0 and 10.0 could allow an attacker that has captured a valid session id to hijack another users session during a small timeframe before the session times out. IBM X-Force ID: 134164.\"}, {\"lang\": \"es\", \"value\": \"IBM Integration Bus 9.0 y 10.0 podr\\u00eda permitir que un atacante que haya capturado un id de sesi\\u00f3n v\\u00e1lido secuestre la sesi\\u00f3n de otro usuario durante una peque\\u00f1a franja de tiempo antes de que la sesi\\u00f3n expire. IBM X-Force ID: 134164.\"}]",
      "id": "CVE-2017-1693",
      "lastModified": "2024-11-21T03:22:13.700",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L\", \"baseScore\": 5.6, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-01-19T14:29:00.213",
      "references": "[{\"url\": \"http://www.ibm.com/support/docview.wss?uid=swg22012642\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/102760\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/134164\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"VDB Entry\"]}, {\"url\": \"http://www.ibm.com/support/docview.wss?uid=swg22012642\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/102760\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/134164\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"VDB Entry\"]}]",
      "sourceIdentifier": "psirt@us.ibm.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-613\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-1693\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2018-01-19T14:29:00.213\",\"lastModified\":\"2024-11-21T03:22:13.700\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM Integration Bus 9.0 and 10.0 could allow an attacker that has captured a valid session id to hijack another users session during a small timeframe before the session times out. IBM X-Force ID: 134164.\"},{\"lang\":\"es\",\"value\":\"IBM Integration Bus 9.0 y 10.0 podr\u00eda permitir que un atacante que haya capturado un id de sesi\u00f3n v\u00e1lido secuestre la sesi\u00f3n de otro usuario durante una peque\u00f1a franja de tiempo antes de que la sesi\u00f3n expire. IBM X-Force ID: 134164.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":5.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.2,\"impactScore\":3.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-613\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:integration_bus:9.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D627B445-2980-4AC2-B674-CA4C472AB214\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:integration_bus:9.0.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"725E3F95-4096-497D-8F2A-02C185ACF8CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:integration_bus:9.0.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACB80DEF-E09A-4B51-96B8-75F0AD9C6499\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:integration_bus:9.0.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"576FE339-BD08-4994-B31A-15BC521650E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:integration_bus:9.0.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"371E03D4-BDD9-40A8-B24B-43C320C9F3E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:integration_bus:9.0.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C319D81D-E66B-47E6-A731-D5074314B94B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:integration_bus:9.0.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3A6D9A8-9196-4358-B2ED-BD103AB237F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:integration_bus:9.0.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"408B31F1-F945-4CEB-B6D4-2666A6B8B2C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:integration_bus:9.0.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16DF80F1-4163-46E0-A304-BD01C11EA658\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:integration_bus:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92E6A5C9-29C2-458D-AA67-E74945E2012F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:integration_bus:10.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F96E7A0A-47BD-42EC-A66C-E1F64AD6CA55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:integration_bus:10.0.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6309A833-9490-494A-BE3A-BA79133BD6E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:integration_bus:10.0.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50810A19-BEDC-4DF6-BA82-DAA1F96D5400\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:integration_bus:10.0.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97486673-4740-4F4F-8956-73C06B477096\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:integration_bus:10.0.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79E917E9-DE5E-482A-9A20-823DF475BE66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:integration_bus:10.0.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC25F42C-82EC-44EE-94AC-E85F428460D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:integration_bus:10.0.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA2BBC72-E5AD-4FAD-8F72-264794847D96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:integration_bus:10.0.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3797766-D2E5-4645-A793-ABA12A10CF10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:integration_bus:10.0.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1486EFCC-5D66-4172-9D57-55AB25C77B7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:integration_bus:10.0.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3770768C-96D0-4D8E-8AB5-0347DBE01AF4\"}]}]}],\"references\":[{\"url\":\"http://www.ibm.com/support/docview.wss?uid=swg22012642\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/102760\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/134164\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"VDB Entry\"]},{\"url\":\"http://www.ibm.com/support/docview.wss?uid=swg22012642\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/102760\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/134164\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"VDB Entry\"]}]}}"
  }
}

GSD-2017-1693

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-1693

Aliases

CVE-2017-1693

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-1693",
    "description": "IBM Integration Bus 9.0 and 10.0 could allow an attacker that has captured a valid session id to hijack another users session during a small timeframe before the session times out. IBM X-Force ID: 134164.",
    "id": "GSD-2017-1693"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-1693"
      ],
      "details": "IBM Integration Bus 9.0 and 10.0 could allow an attacker that has captured a valid session id to hijack another users session during a small timeframe before the session times out. IBM X-Force ID: 134164.",
      "id": "GSD-2017-1693",
      "modified": "2023-12-13T01:21:11.459222Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@us.ibm.com",
        "DATE_PUBLIC": "2018-01-17T00:00:00",
        "ID": "CVE-2017-1693",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Integration Bus",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "9.0"
                        },
                        {
                          "version_value": "10.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "IBM"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "IBM Integration Bus 9.0 and 10.0 could allow an attacker that has captured a valid session id to hijack another users session during a small timeframe before the session times out. IBM X-Force ID: 134164."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Gain Access"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.ibm.com/support/docview.wss?uid=swg22012642",
            "refsource": "CONFIRM",
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22012642"
          },
          {
            "name": "102760",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/102760"
          },
          {
            "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134164",
            "refsource": "MISC",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134164"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:integration_bus:10.0.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:integration_bus:10.0.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:integration_bus:10.0.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:integration_bus:9.0.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:integration_bus:9.0.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:integration_bus:9.0.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:integration_bus:10.0.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:integration_bus:10.0.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:integration_bus:10.0.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:integration_bus:10.0.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:integration_bus:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:integration_bus:9.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:integration_bus:9.0.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:integration_bus:9.0.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:integration_bus:9.0.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:integration_bus:10.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:integration_bus:10.0.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:integration_bus:10.0.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:integration_bus:9.0.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:integration_bus:9.0.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2017-1693"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "IBM Integration Bus 9.0 and 10.0 could allow an attacker that has captured a valid session id to hijack another users session during a small timeframe before the session times out. IBM X-Force ID: 134164."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-613"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134164",
              "refsource": "MISC",
              "tags": [
                "VDB Entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134164"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22012642",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22012642"
            },
            {
              "name": "102760",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/102760"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 3.4
        }
      },
      "lastModifiedDate": "2018-02-05T21:29Z",
      "publishedDate": "2018-01-19T14:29Z"
    }
  }
}

CNVD-2018-03223

Vulnerability from cnvd - Published: 2018-02-12

Title

IBM Integration Bus会话劫持漏洞

Description

IBM Integration Bus（前称IBM WebSphere Message Broker）是美国IBM公司的一款企业服务总线（ESB）产品。该产品为面向服务架构（SOA）环境和非SOA环境提供连通性和通用数据转换。 IBM Integration Bus存在会话劫持漏洞。有效会话id的攻击者可利用该漏洞在会话超时之前的较短时间内劫持另一位用户的会话。

Severity

中

Patch Name

IBM Integration Bus会话劫持漏洞的补丁

Patch Description

Formal description

厂商已发布漏洞修复程序，请及时关注更新： http://www-01.ibm.com/support/docview.wss?uid=swg22012642

Reference

http://www-01.ibm.com/support/docview.wss?uid=swg22012642 https://www.securityfocus.com/bid/102760

Impacted products

Name
['IBM Integration Bus 9.0', 'IBM Integration Bus 10.0']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "102760"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-1693"
    }
  },
  "description": "IBM Integration Bus\uff08\u524d\u79f0IBM WebSphere Message Broker\uff09\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u6b3e\u4f01\u4e1a\u670d\u52a1\u603b\u7ebf\uff08ESB\uff09\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u4e3a\u9762\u5411\u670d\u52a1\u67b6\u6784\uff08SOA\uff09\u73af\u5883\u548c\u975eSOA\u73af\u5883\u63d0\u4f9b\u8fde\u901a\u6027\u548c\u901a\u7528\u6570\u636e\u8f6c\u6362\u3002\r\n\r\nIBM Integration Bus\u5b58\u5728\u4f1a\u8bdd\u52ab\u6301\u6f0f\u6d1e\u3002\u6709\u6548\u4f1a\u8bddid\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u4f1a\u8bdd\u8d85\u65f6\u4e4b\u524d\u7684\u8f83\u77ed\u65f6\u95f4\u5185\u52ab\u6301\u53e6\u4e00\u4f4d\u7528\u6237\u7684\u4f1a\u8bdd\u3002",
  "discovererName": "IBM",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://www-01.ibm.com/support/docview.wss?uid=swg22012642",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-03223",
  "openTime": "2018-02-12",
  "patchDescription": "IBM Integration Bus\uff08\u524d\u79f0IBM WebSphere Message Broker\uff09\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u6b3e\u4f01\u4e1a\u670d\u52a1\u603b\u7ebf\uff08ESB\uff09\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u4e3a\u9762\u5411\u670d\u52a1\u67b6\u6784\uff08SOA\uff09\u73af\u5883\u548c\u975eSOA\u73af\u5883\u63d0\u4f9b\u8fde\u901a\u6027\u548c\u901a\u7528\u6570\u636e\u8f6c\u6362\u3002\r\n\r\nIBM Integration Bus\u5b58\u5728\u4f1a\u8bdd\u52ab\u6301\u6f0f\u6d1e\u3002\u6709\u6548\u4f1a\u8bddid\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u4f1a\u8bdd\u8d85\u65f6\u4e4b\u524d\u7684\u8f83\u77ed\u65f6\u95f4\u5185\u52ab\u6301\u53e6\u4e00\u4f4d\u7528\u6237\u7684\u4f1a\u8bdd\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM Integration Bus\u4f1a\u8bdd\u52ab\u6301\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM Integration Bus 9.0",
      "IBM Integration Bus 10.0"
    ]
  },
  "referenceLink": "http://www-01.ibm.com/support/docview.wss?uid=swg22012642\r\nhttps://www.securityfocus.com/bid/102760",
  "serverity": "\u4e2d",
  "submitTime": "2018-01-22",
  "title": "IBM Integration Bus\u4f1a\u8bdd\u52ab\u6301\u6f0f\u6d1e"
}

GHSA-VGVJ-F6VF-5394

Vulnerability from github – Published: 2022-05-14 03:46 – Updated: 2022-05-14 03:46

Details

Severity ?

5.6 (Medium)


                  
                    CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-1693"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-613"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-01-19T14:29:00Z",
    "severity": "MODERATE"
  },
  "details": "IBM Integration Bus 9.0 and 10.0 could allow an attacker that has captured a valid session id to hijack another users session during a small timeframe before the session times out. IBM X-Force ID: 134164.",
  "id": "GHSA-vgvj-f6vf-5394",
  "modified": "2022-05-14T03:46:13Z",
  "published": "2022-05-14T03:46:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1693"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134164"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22012642"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102760"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2017-1693

Vulnerability from fkie_nvd - Published: 2018-01-19 14:29 - Updated: 2024-11-21 03:22

Severity ?

5.6 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Summary

References

URL	Tags
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg22012642	Patch, Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/102760	Third Party Advisory, VDB Entry
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/134164	VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg22012642	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/102760	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/134164	VDB Entry

Impacted products

Vendor	Product	Version
ibm	integration_bus	9.0.0.0
ibm	integration_bus	9.0.0.1
ibm	integration_bus	9.0.0.2
ibm	integration_bus	9.0.0.3
ibm	integration_bus	9.0.0.4
ibm	integration_bus	9.0.0.5
ibm	integration_bus	9.0.0.6
ibm	integration_bus	9.0.0.7
ibm	integration_bus	9.0.0.8
ibm	integration_bus	10.0
ibm	integration_bus	10.0.0.0
ibm	integration_bus	10.0.0.1
ibm	integration_bus	10.0.0.2
ibm	integration_bus	10.0.0.3
ibm	integration_bus	10.0.0.4
ibm	integration_bus	10.0.0.5
ibm	integration_bus	10.0.0.6
ibm	integration_bus	10.0.0.7
ibm	integration_bus	10.0.0.8
ibm	integration_bus	10.0.0.9

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D627B445-2980-4AC2-B674-CA4C472AB214",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "725E3F95-4096-497D-8F2A-02C185ACF8CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACB80DEF-E09A-4B51-96B8-75F0AD9C6499",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "576FE339-BD08-4994-B31A-15BC521650E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "371E03D4-BDD9-40A8-B24B-43C320C9F3E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C319D81D-E66B-47E6-A731-D5074314B94B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3A6D9A8-9196-4358-B2ED-BD103AB237F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "408B31F1-F945-4CEB-B6D4-2666A6B8B2C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:integration_bus:9.0.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "16DF80F1-4163-46E0-A304-BD01C11EA658",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:integration_bus:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "92E6A5C9-29C2-458D-AA67-E74945E2012F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96E7A0A-47BD-42EC-A66C-E1F64AD6CA55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6309A833-9490-494A-BE3A-BA79133BD6E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "50810A19-BEDC-4DF6-BA82-DAA1F96D5400",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "97486673-4740-4F4F-8956-73C06B477096",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "79E917E9-DE5E-482A-9A20-823DF475BE66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC25F42C-82EC-44EE-94AC-E85F428460D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA2BBC72-E5AD-4FAD-8F72-264794847D96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3797766-D2E5-4645-A793-ABA12A10CF10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "1486EFCC-5D66-4172-9D57-55AB25C77B7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:integration_bus:10.0.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "3770768C-96D0-4D8E-8AB5-0347DBE01AF4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Integration Bus 9.0 and 10.0 could allow an attacker that has captured a valid session id to hijack another users session during a small timeframe before the session times out. IBM X-Force ID: 134164."
    },
    {
      "lang": "es",
      "value": "IBM Integration Bus 9.0 y 10.0 podr\u00eda permitir que un atacante que haya capturado un id de sesi\u00f3n v\u00e1lido secuestre la sesi\u00f3n de otro usuario durante una peque\u00f1a franja de tiempo antes de que la sesi\u00f3n expire. IBM X-Force ID: 134164."
    }
  ],
  "id": "CVE-2017-1693",
  "lastModified": "2024-11-21T03:22:13.700",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.6,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-19T14:29:00.213",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22012642"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102760"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134164"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22012642"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102760"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134164"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-613"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-1693 (GCVE-0-2017-1693)

GSD-2017-1693

CNVD-2018-03223

GHSA-VGVJ-F6VF-5394

FKIE_CVE-2017-1693

Tags

Sightings

Nomenclature