Security Bulletin: JavaScript vulnerability affects IBM Sterling B2B Integrator (CVE-2008-7220)

2020-02-0500:53:36

www.ibm.com

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Summary

An unspecified error in the Prototype JavaScript framework (prototype.js), as used in multiple products, could allow a remote attacker to conduct cross-site Ajax requests using unknown attack vectors. Note: This vulnerability affects the ajax based manager interface, ajamdemo.html, in certain versions of Asterisk.

Vulnerability Details

CVEID: CVE-2008-7220**
DESCRIPTION:** An unspecified error in the Prototype JavaScript framework (prototype.js), as used in multiple products, could allow a remote attacker to conduct cross-site Ajax requests using unknown attack vectors. Note: This vulnerability affects the ajax based manager interface, ajamdemo.html, in certain versions of Asterisk.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/53652> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Affected Products and Versions

IBM Sterling B2B Integrator 5.2

Remediation/Fixes

Product & Version

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm sterling b2b integratoreq5.2.6
ibm sterling b2b integratoreq5.2.5
ibm sterling b2b integratoreq5.2.4
ibm sterling b2b integratoreq5.2.3
ibm sterling b2b integratoreq5.2.2
ibm sterling b2b integratoreq5.2.1
ibm sterling b2b integratoreq5.2

Name	Operator	Version
ibm sterling b2b integrator	eq	5.2.6
ibm sterling b2b integrator	eq	5.2.5
ibm sterling b2b integrator	eq	5.2.4
ibm sterling b2b integrator	eq	5.2.3
ibm sterling b2b integrator	eq	5.2.2
ibm sterling b2b integrator	eq	5.2.1
ibm sterling b2b integrator	eq	5.2