Auth bypass in Ibm Sterling_b2b_integrator

CVE-2013-5413

IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not invalidate a session upon a logout action, which allows remote attackers to bypass authentication by leveraging an unattended workstation.

Vulnerability class: Broken Authentication

EPSS: 0.003 (50.3th percentile) — read the EPSS interpretation.

Affected products

Ibm Sterling_b2b_integrator — versions 5.2
Ibm Sterling_file_gateway — versions 2.2
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)
IC96051 (vendor-advisory, x_refsource_AIXAPAR)
ibm-sterling-cve20135413-logout(87362) (vdb-entry, x_refsource_XF)