IBM5DA79F6D9600B981889DDA23CDDDA79AA704BEB4151E35406AD7564E4257F645Security Bulletin: Multiple Cross-Site Scripting Vulnerabilities Affect IBM Sterling B2B Integrator
0.001 Low
EPSS
Percentile
23.6%
Summary
IBM Sterling B2B Integrator Standard Edition has addressed the cross-site scripting vulnerabilities
Vulnerability Details
CVEID: CVE-2019-4073 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157107> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
CVEID: CVE-2019-4074 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157108> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
CVEID: CVE-2019-4075 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157109> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
CVEID: CVE-2019-4076 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157110> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
CVEID: CVE-2019-4077 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157111> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
CVEID: CVE-2019-4148 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/158414> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N)
CVEID: CVE-2019-4258 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/159946> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
Affected Products and Versions
IBM Sterling B2B Integrator 5.2.0.0 - 6.0.0.1
Remediation/Fixes
PRODUCT & Version
| APAR |
Remediation/Fix
—|—|—
IBM Sterling B2B Integrator 5.2.0.0 - 6.0.0.1
| IT28063, IT28292, IT28300, IT28310, IT28306, IT28166, IT28698 |
Apply IBM Sterling B2B Integrator version 5.2.6.4_2 or 6.0.1.0 on Fix Central
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm sterling b2b integrator | eq | 5.2.0.0 | |
| ibm sterling b2b integrator | eq | 6.0.0.1 |
Related
0.001 Low
EPSS
Percentile
23.6%