CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | REQUIRED |
Scope | CHANGED |
Confidentiality Impact | LOW |
Integrity Impact | LOW |
Availability Impact | NONE |
Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
AI Score Confidence | High |
EPSS Percentile | 13.7% |
CVEID: CVE-2023-42011
**DESCRIPTION:** IBM Sterling B2B Integrator Standard Edition does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/265508 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Sterling B2B Integrator | 6.2 |
IBM Sterling B2B Integrator | 6.1 |
B2Bi already sends the X-FRAME-OPTIONS: SAMEORIGIN response header, which means that content in an iframe must come from the same host to which the HTTP request is made. So a B2Bi page can't be embedded in an iframe on an attacker's web site unless the attacker has access to the web server that hosts B2Bi, which means they would have to be an administrator. Please note that this fix is already part of the affected releases of B2Bi and no update or patch is required.
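One way to verify the mitigation described above on a deployment, as an added example that is not part of IBM's advisory: a Python check that classifies a response's anti-framing headers, also covering CSP `frame-ancestors`, which goes beyond the single header the advisory mentions. The sample responses are constructed, and the function names and verdict labels are assumptions of this example.

```python
def parse_headers(raw):
    """Parse a raw response head into {lowercased name: [values]}."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def csp_frame_ancestors(headers):
    """Source list of the first frame-ancestors directive, or None.
    Simplification: only the first CSP header carrying the directive is read."""
    for policy in headers.get("content-security-policy", []):
        for directive in policy.split(";"):
            tokens = directive.split()
            if tokens and tokens[0].lower() == "frame-ancestors":
                return [t.lower() for t in tokens[1:]]
    return None

def framing_verdict(raw):
    """Return 'deny', 'sameorigin', 'allowlist', 'invalid' or 'unprotected'."""
    headers = parse_headers(raw)
    ancestors = csp_frame_ancestors(headers)
    if ancestors is not None:  # frame-ancestors supersedes X-Frame-Options
        if ancestors in ([], ["'none'"]):
            return "deny"
        if ancestors == ["'self'"]:
            return "sameorigin"
        return "unprotected" if "*" in ancestors else "allowlist"
    xfo = {v.strip().lower()
           for value in headers.get("x-frame-options", [])
           for v in value.split(",")}
    if not xfo:
        return "unprotected"  # no anti-framing header at all
    if xfo in ({"deny"}, {"sameorigin"}):
        return xfo.pop()
    return "invalid"  # e.g. obsolete ALLOW-FROM or conflicting values: do not rely on it

# Constructed sample responses (not captured from a real B2Bi instance).
SAMPLES = {
    "xfo_sameorigin": "HTTP/1.1 200 OK\nX-FRAME-OPTIONS: SAMEORIGIN\nContent-Type: text/html\n",
    "no_header": "HTTP/1.1 200 OK\nContent-Type: text/html\n",
    "allow_from": "HTTP/1.1 200 OK\nX-Frame-Options: ALLOW-FROM https://partner.example\n",
    "csp_wins": "HTTP/1.1 200 OK\nContent-Security-Policy: default-src 'self'; "
                "frame-ancestors 'none'\nX-Frame-Options: SAMEORIGIN\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name}: {framing_verdict(raw)}")
```

Header names are matched case-insensitively, so the upper-case `X-FRAME-OPTIONS` spelling used in the advisory is classified the same as `X-Frame-Options`.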
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | sterling_b2b_integrator | 6.0.0.0 | cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:* |
ibm | sterling_b2b_integrator | 6.2.0.2 | cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.2:*:*:*:*:*:*:* |