CVELIST:CVE-2023-42011 (cvelist, IBM)
History: Jun 27, 2024 - 5:39 p.m.

CVE-2023-42011 IBM Sterling B2B Integrator Standard Edition tapjacking

2024-06-27 17:39:04
CWE-1021
ibm
www.cve.org
5
ibm
sterling b2b integrator
tapjacking
vulnerability
x-force id
user confusion

CVSS3: 4.3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS: 0
Percentile: 13.7%

IBM Sterling B2B Integrator Standard Edition 6.1 and 6.2 does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. IBM X-Force ID: 265508.

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:standard:*:*:*",
      "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:standard:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "Sterling B2B Integrator Standard Edition",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "6.1, 6.2"
      }
    ]
  }
]
