Lucene search

K
ibmIBM3A7D02F876961EE1920B984D5A9926B0409E64F8073E179077D1AD4DC6C80C35
HistoryFeb 05, 2020 - 12:53 a.m.

Security Bulletin: Information disclosure vulnerability affects IBM Sterling B2B IntegratorΒ (CVE-2016-0385)

2020-02-0500:53:36
www.ibm.com
4

3.1 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

Summary

IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to obtain unauthorized data.

Vulnerability Details

CVEID: CVE-2016-0385**
DESCRIPTION:** IBM WebSphere Application Server could allow a remote attacker to bypass security restrictions caused by a buffer overflow. This could allow the attacker to view unauthorized data.
CVSS Base Score: 3.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112359&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM Sterling B2B Integrator V5.2.6

Remediation/Fixes

Product**& Version**

|

Remediated Fix

β€”|β€”
IBM Sterling B2B Integrator 5.2.6 With B2B API Installed| 1. Apply Generic Interim Fix 5020603_1 available on Fix Central
2. After 5.2.6.3_1 installation, find b2biAPIs_1000603_1.jar inside Media_IM_5020603_1.zip under β€œpackages” folder. Use InstallService.sh(cmd) to install b2biAPIs_1000603_1.jar.

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm sterling b2b integratoreq5.2.6

3.1 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

Related for 3A7D02F876961EE1920B984D5A9926B0409E64F8073E179077D1AD4DC6C80C35