Lucene search

[email protected]CVE-2015-5022

HistoryOct 06, 2015 - 1:59 a.m.

CVE-2015-5022

2015-10-0601:59:16

CWE-200

[email protected]

web.nvd.nist.gov

cve-2015-5022

ibm

multi-enterprise integration gateway

b2b advanced communications

information disclosure

vulnerability

5.7 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

54.8%

JSON

IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.3_2, when access by guests is enabled, place an internal hostname and a payload path in a response, which allows remote authenticated users to obtain sensitive information by leveraging a trading-partner relationship and reading response fields.

Affected configurations

NVD

Node

ibmb2b_advanced_communicationsMatch1.0.0.1

ibmb2b_advanced_communicationsMatch1.0.0.2

ibmb2b_advanced_communicationsMatch1.0.0.3

CPENameOperatorVersion
ibm:b2b_advanced_communicationsibm b2b advanced communicationseq1.0.0.1
ibm:b2b_advanced_communicationsibm b2b advanced communicationseq1.0.0.2
ibm:b2b_advanced_communicationsibm b2b advanced communicationseq1.0.0.3

CPE	Name	Operator	Version
ibm:b2b_advanced_communications	ibm b2b advanced communications	eq	1.0.0.1
ibm:b2b_advanced_communications	ibm b2b advanced communications	eq	1.0.0.2
ibm:b2b_advanced_communications	ibm b2b advanced communications	eq	1.0.0.3

References

www-01.ibm.com/support/docview.wss?uid=swg1IT10702

www-01.ibm.com/support/docview.wss?uid=swg21967334

5.7 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

54.8%

JSON

Related for CVE-2015-5022

prion1 nvd1 cvelist1