CVE-2012-5936

IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 do not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
ibmCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
VendorProductVersion
ibmsterling_b2b_integrator
5.1
ibmsterling_b2b_integrator
5.2
ibmsterling_file_gateway
2.1
ibmsterling_file_gateway
2.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg21627985
http://www-01.ibm.com/support/docview.wss?uid=swg21640830
https://exchange.xforce.ibmcloud.com/vulnerabilities/80401
http://www-01.ibm.com/support/docview.wss?uid=swg21627985
http://www-01.ibm.com/support/docview.wss?uid=swg21640830
https://exchange.xforce.ibmcloud.com/vulnerabilities/80401