Lucene search

IBM105936FA0FD762C0BF7023A19E101EA72557246534156947A02D293AF8B16391

HistoryMar 13, 2023 - 4:41 p.m.

Security Bulletin: The dashboard UI of IBM Sterling B2B Integrator is vulnerable to information disclosure (CVE-2023-22876)

2023-03-1316:41:58

www.ibm.com

ibm sterling b2b integrator

dashboard ui

vulnerability

information disclosure

cve-2023-22876

sensitive information

affected versions

remediation

it42857 fix

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

25.5%

JSON

Summary

IBM Sterling B2B Integrator has addressed the information disclosure vulnerability.

Vulnerability Details

CVEID:CVE-2023-22876
**DESCRIPTION:**IBM Sterling B2B Integrator Standard Edition could allow a privileged user to obtain sensitive information that could aid in further attacks against the system.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/244364 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Sterling B2B Integrator	6.0.0.0 - 6.0.3.7
IBM Sterling B2B Integrator	6.1.0.0 - 6.1.2.1

Remediation/Fixes

Product	Version	APAR	Remediation & Fix
IBM Sterling B2B Integrator	6.0.0.0 - 6.0.3.7	IT42857	Apply 6.0.3.8
IBM Sterling B2B Integrator	6.1.0.0 - 6.1.2.1	IT42857	Apply 6.1.2.2

The IIM versions of 6.0.3.8 and 6.1.2.2 are available on Fix Central.

The container version of 6.1.2.2 is available in IBM Entitled Registry with following tags.

cp.icr.io/cp/ibm-b2bi/b2bi:6.1.2.2 for IBM Sterling B2B Integrator
cp.icr.io/cp/ibm-sfg/sfg:6.1.2.2 for IBM Sterling File Gateway

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmsterling_b2b_integratorMatch6.0.0.0

ibmsterling_b2b_integratorMatch6.1.2.2

CPENameOperatorVersion
ibm sterling b2b integratoreq6.0.0.0
ibm sterling b2b integratoreq6.1.2.2

CPE	Name	Operator	Version
	ibm sterling b2b integrator	eq	6.0.0.0
	ibm sterling b2b integrator	eq	6.1.2.2

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

25.5%

JSON

Related for 105936FA0FD762C0BF7023A19E101EA72557246534156947A02D293AF8B16391