CVE-2023-42016

Name of the Vulnerable Software and Affected Versions IBM Sterling B2B Integrator Standard Edition versions 6.0.0.0 through 6.0.3.8 IBM Sterling B2B Integrator Standard Edition versions 6.1.0.0 through 6.1.2.3

Description The issue allows attackers to obtain cookie values by sending a http link to a user or by planting this link in a site the user visits. The cookie will be sent to the insecure link, and the attacker can then obtain the cookie value by snooping the traffic. This is due to the software not setting the secure attribute on authorization tokens or session cookies.

Recommendations For versions 6.0.0.0 through 6.0.3.8, update to a version that sets the secure attribute on authorization tokens or session cookies. For versions 6.1.0.0 through 6.1.2.3, update to a version that sets the secure attribute on authorization tokens or session cookies. As a temporary workaround, consider restricting access to sensitive areas of the application to minimize the risk of exploitation.