Lucene search

K
ibmIBM1A8FB0E39038FC63CE9535716EEE0744EB37045BDA917FC568994591A622FA3E
HistoryFeb 05, 2020 - 12:53 a.m.

Security Bulletin: JavaScript vulnerability affects IBM Sterling B2B Integrator (CVE-2008-7220)

2020-02-0500:53:36
www.ibm.com
10

EPSS

0.004

Percentile

73.8%

Summary

An unspecified error in the Prototype JavaScript framework (prototype.js), as used in multiple products, could allow a remote attacker to conduct cross-site Ajax requests using unknown attack vectors. Note: This vulnerability affects the ajax based manager interface, ajamdemo.html, in certain versions of Asterisk.

Vulnerability Details

CVEID: CVE-2008-7220**
DESCRIPTION:** An unspecified error in the Prototype JavaScript framework (prototype.js), as used in multiple products, could allow a remote attacker to conduct cross-site Ajax requests using unknown attack vectors. Note: This vulnerability affects the ajax based manager interface, ajamdemo.html, in certain versions of Asterisk.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/53652&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Affected Products and Versions

IBM Sterling B2B Integrator 5.2

Remediation/Fixes

Product & Version

| APAR|Remediation/Fix
—|—|—
IBM Sterling B2B Integrator 5.2| IT19688| Apply B2B Integrator fix pack 5020500_16, 5020603_2 or 5020602_4 on Fix Central

Workarounds and Mitigations

None

EPSS

0.004

Percentile

73.8%

Related for 1A8FB0E39038FC63CE9535716EEE0744EB37045BDA917FC568994591A622FA3E