IBM Sterling B2B Integrator could allow a local mailbox user under specific circumstances to upload or download files without proper authorization.
CVEID: CVE-2015-5019**
DESCRIPTION: *IBM Sterling B2B Integrator Standard Edition could allow a local mailbox user with expired or new passwords that are in of need changing to upload or download files without proper authorization controls.
CVSS Base Score: 3.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/106463> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N)
Sterling B2B Integrator 5.1
IBM Sterling B2B Integrator 5.2
PRODUCT & Version
|
APAR
|
Remediation/Fix
—|—|—
Sterling Integrator 5.1
|
IT11008
|
Apply Generic Interim Fix 5010004_8 available on IWM
IBM Sterling B2B Integrator 5.2
|
IT11008
|
Apply Generic Interim Fix 5020500_9 available on Fix Central
None