Lucene search

[email protected]CVE-2023-42011

HistoryJun 27, 2024 - 6:15 p.m.

CVE-2023-42011

2024-06-2718:15:13

CWE-1021

[email protected]

web.nvd.nist.gov

ibm

sterling b2b integrator

tapjacking

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

4.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

IBM Sterling B2B Integrator Standard Edition 6.1 and 6.2 does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. IBM X-Force ID: 265508.

Affected configurations

Vulners

Node

ibmsterling_b2b_integratorMatch6.1standard

ibmsterling_b2b_integratorMatch6.2standard

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:standard:*:*:*",
      "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:standard:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "Sterling B2B Integrator Standard Edition",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "6.1, 6.2"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/265508

www.ibm.com/support/pages/node/7158657

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

4.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2023-42011

nvd1 vulnrichment1 ibm1 cvelist1