6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
0.0005 Low
EPSS
Percentile
18.2%
IBM Sterling B2B Integrator has addressed the session mismangement vulnerability in Dashboard.
CVEID:CVE-2022-22371
**DESCRIPTION:**IBM Sterling B2B Integrator Standard Edition does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/221195 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM Sterling B2B Integrator | 6.0.0.0 - 6.0.3.6 |
IBM Sterling B2B Integrator | 6.1.0.0 - 6.1.0.5, 6…1.1.0 - 6.1.1.1, 6.1.2.0 |
Product | Version | APAR | Remediation & Fix |
---|---|---|---|
IBM Sterling B2B Integrator | 6.0.0.0 - 6.0.3.6 | IT41026 | Apply 6.0.3.7 |
IBM Sterling B2B Integrator | 6.1.0.0 - 6.1.0.5 | ||
6.1.1.0 - 6.1.1.1 | |||
6.1.2.0 |
IT41026
| Apply 6.1.0.6, 6.1.1.2 or 6.1.2.1
The version 6.0.3.7, 6.1.0.6, 6.1.1.2 and 6.1.2.1 are available on Fix Central.
The container version of 6.1.2.1 is available in IBM Entitled Registry with following tags.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm sterling b2b integrator | eq | 6.0.0.0 | |
ibm sterling b2b integrator | eq | 6.1.2.1 |
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
0.0005 Low
EPSS
Percentile
18.2%