Jul 27, 2023 - 8:14 a.m.

Security Bulletin: IBM B2B Advanced Communication is vulnerable to cross-site scripting (CVE-2023-22595)

2023-07-27 08:14:40
www.ibm.com
ibm b2b advanced communication
cross-site scripting
vulnerability
fixed
ibm multi-enterprise integration gateway
version 1.0.0.1
version 1.0.0.x
fix pack
credentials disclosure

CVSS3: 5.4 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.0004 Low
Percentile: 14.0%

Summary

IBM B2B Advanced Communications has addressed a cross-site scripting vulnerability.

Vulnerability Details

CVEID: CVE-2023-22595
**DESCRIPTION:** IBM B2B Advanced Communication is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/244076 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s) | Version(s)
---|---
IBM B2B Advanced Communications | 1.0.0.x
IBM Multi-Enterprise Integration Gateway | 1.0.0.1

Remediation/Fixes

Product | Version | Remediation
---|---|---
IBM B2B Advanced Communications | 1.0.0.x | Apply fix pack 1.0.0.8
IBM Multi-Enterprise Integration Gateway | 1.0.0.1 | Apply fix pack 1.0.0.8

Workarounds and Mitigations

None

Affected configurations

Vulners node (entries joined by OR):

Vendor | Product | Version match
---|---|---
ibm | multi-enterprise_integration_gateway | 1.0.0.6
ibm | multi-enterprise_integration_gateway | 1.0.0.7
ibm | multi-enterprise_integration_gateway | 1.0.0.8
ibm | multi-enterprise_integration_gateway | 1008
