Security Bulletin: IBM Sterling B2B Integrator vulnerable to cross-site Ajax request vulnerability due to Prototype JavaScript (CVE-2008-7220)

Summary

IBM Sterling B2B Integrator uses Prototype Javascript framework (prototypejs) which is vulnerable to cross-site Ajax request. The issue has been addressed.

Vulnerability Details

CVEID:CVE-2008-7220
**DESCRIPTION:**An unspecified error in the Prototype JavaScript framework (prototypejs), as used in multiple products, could allow a remote attacker to conduct cross-site ajax requests using unknown attack vectors. Note: This vulnerability affects the AJAX-based manager interface, ajamdemo.html, in certain versions of Asterisk.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/53652 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Affected Products and Versions

Remediation/Fixes

IBM recommends addressing the vulnerability now by upgrading.

Note that the fix may also be present in other releases. This can be verified by looking for the APAR number on the Fix List page

Workarounds and Mitigations

None