Lucene search

IbmCVE-2016-6020

HistoryFeb 01, 2017 - 8:59 p.m.

CVE-2016-6020

2017-02-0120:59:01

CWE-601

ibm

web.nvd.nist.gov

ibm

sterling

b2b integrator

remote attack

phishing

cve-2016-6020

nvd

security vulnerability

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

40.9%

JSON

IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.

Affected configurations

Nvd

Vulners

Node

ibmsterling_b2b_integratorMatch5.2

ibmsterling_b2b_integratorMatch5.2.1

ibmsterling_b2b_integratorMatch5.2.2

ibmsterling_b2b_integratorMatch5.2.4

ibmsterling_b2b_integratorMatch5.2.4.1

ibmsterling_b2b_integratorMatch5.2.4.2

ibmsterling_b2b_integratorMatch5.2.5

ibmsterling_b2b_integratorMatch5.2.6

VendorProductVersionCPE
ibmsterling_b2b_integrator5.2cpe:2.3:a:ibm:sterling_b2b_integrator:5.2:*:*:*:*:*:*:*
ibmsterling_b2b_integrator5.2.1cpe:2.3:a:ibm:sterling_b2b_integrator:5.2.1:*:*:*:*:*:*:*
ibmsterling_b2b_integrator5.2.2cpe:2.3:a:ibm:sterling_b2b_integrator:5.2.2:*:*:*:*:*:*:*
ibmsterling_b2b_integrator5.2.4cpe:2.3:a:ibm:sterling_b2b_integrator:5.2.4:*:*:*:*:*:*:*
ibmsterling_b2b_integrator5.2.4.1cpe:2.3:a:ibm:sterling_b2b_integrator:5.2.4.1:*:*:*:*:*:*:*
ibmsterling_b2b_integrator5.2.4.2cpe:2.3:a:ibm:sterling_b2b_integrator:5.2.4.2:*:*:*:*:*:*:*
ibmsterling_b2b_integrator5.2.5cpe:2.3:a:ibm:sterling_b2b_integrator:5.2.5:*:*:*:*:*:*:*
ibmsterling_b2b_integrator5.2.6cpe:2.3:a:ibm:sterling_b2b_integrator:5.2.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	sterling_b2b_integrator	5.2	cpe:2.3:a:ibm:sterling_b2b_integrator:5.2:::::::*
ibm	sterling_b2b_integrator	5.2.1	cpe:2.3:a:ibm:sterling_b2b_integrator:5.2.1:::::::*
ibm	sterling_b2b_integrator	5.2.2	cpe:2.3:a:ibm:sterling_b2b_integrator:5.2.2:::::::*
ibm	sterling_b2b_integrator	5.2.4	cpe:2.3:a:ibm:sterling_b2b_integrator:5.2.4:::::::*
ibm	sterling_b2b_integrator	5.2.4.1	cpe:2.3:a:ibm:sterling_b2b_integrator:5.2.4.1:::::::*
ibm	sterling_b2b_integrator	5.2.4.2	cpe:2.3:a:ibm:sterling_b2b_integrator:5.2.4.2:::::::*
ibm	sterling_b2b_integrator	5.2.5	cpe:2.3:a:ibm:sterling_b2b_integrator:5.2.5:::::::*
ibm	sterling_b2b_integrator	5.2.6	cpe:2.3:a:ibm:sterling_b2b_integrator:5.2.6:::::::*

CNA Affected

[
  {
    "product": "Sterling B2B Integrator",
    "vendor": "IBM Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "5.1"
      },
      {
        "status": "affected",
        "version": "5.2"
      },
      {
        "status": "affected",
        "version": "4.3"
      },
      {
        "status": "affected",
        "version": "5.0"
      },
      {
        "status": "affected",
        "version": "5.2.4"
      },
      {
        "status": "affected",
        "version": "-"
      },
      {
        "status": "affected",
        "version": "5.2.1"
      },
      {
        "status": "affected",
        "version": "5.2.2"
      },
      {
        "status": "affected",
        "version": "5.2.3"
      },
      {
        "status": "affected",
        "version": "5.2.4.1"
      },
      {
        "status": "affected",
        "version": "5.2.4.2"
      },
      {
        "status": "affected",
        "version": "5.2.5"
      },
      {
        "status": "affected",
        "version": "5.2.6"
      }
    ]
  }
]

References

www.ibm.com/support/docview.wss?uid=swg21995794

www.securityfocus.com/bid/95098

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

40.9%

JSON

Related for CVE-2016-6020