Lucene search

K
ibmIBM466D31567DE2DB8270B766B1BFB99CFA70EDD545BA732B75D74D456D0230287C
HistoryMay 13, 2022 - 2:58 p.m.

Security Bulletin: IBM Sterling B2B Integrator vulnerable to cross-site Ajax request vulnerability due to Prototype JavaScript (CVE-2008-7220)

2022-05-1314:58:22
www.ibm.com
14
ibm sterling b2b integrator
cross-site ajax request
prototype javascript
cve-2008-7220
vulnerability
upgrade

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.004

Percentile

73.8%

Summary

IBM Sterling B2B Integrator uses Prototype Javascript framework (prototypejs) which is vulnerable to cross-site Ajax request. The issue has been addressed.

Vulnerability Details

CVEID:CVE-2008-7220
**DESCRIPTION:**An unspecified error in the Prototype JavaScript framework (prototypejs), as used in multiple products, could allow a remote attacker to conduct cross-site ajax requests using unknown attack vectors. Note: This vulnerability affects the AJAX-based manager interface, ajamdemo.html, in certain versions of Asterisk.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/53652 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Affected Products and Versions

Affected Product(s) APAR(s) Version(s)
IBM Sterling B2B Integrator IT33759 6.0.0.0 - 6.0.3.5
IBM Sterling B2B Integrator IT33759 6.1.0.0 - 6.1.1.0

Remediation/Fixes

IBM recommends addressing the vulnerability now by upgrading.

Product(s) Version(s) Remediation/Fix/Instructions
IBM Sterling B2B Integrator 6.0.0.0 - 6.0.3.5 Apply IBM Sterling B2B Integrator version 6.0.3.6 on Fix Central
IBM Sterling B2B Integrator 6.1.0.0 - 6.1.1.0 Apply IBM Sterling B2B Integrator version 6.1.1.1 on Fix Central

Note that the fix may also be present in other releases. This can be verified by looking for the APAR number on the Fix List page

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmsterling_b2b_integratorMatch6.0.0.0
OR
ibmsterling_b2b_integratorMatch6.1.1.1

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.004

Percentile

73.8%

Related for 466D31567DE2DB8270B766B1BFB99CFA70EDD545BA732B75D74D456D0230287C