CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | LOW |
Integrity Impact | LOW |
Availability Impact | NONE |

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS Percentile: 20.2%
IBM Sterling B2B Integrator has addressed the Cross Origin Sharing vulnerability in B2B API
CVEID: CVE-2021-38928
**DESCRIPTION:** IBM Sterling B2B Integrator Standard Edition uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/210323 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)
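
The description above comes down to a CORS policy that is not restricted to trusted origins. The following added example (not IBM's code and not taken from the advisory) contrasts a generic origin-reflecting policy with an exact-match allowlist, and includes a small audit function for checking a response after the fix is applied. The origin names, the allowlist and all function names are constructed for illustration; how the product builds its CORS headers internally is not stated on this page.

```python
from urllib.parse import urlsplit

# Constructed allowlist; a real deployment lists its own trusted front ends.
TRUSTED_ORIGINS = {"https://portal.example.com", "https://admin.example.com"}

def normalize_origin(origin):
    """Return scheme://host[:port] in lower case, or None if malformed."""
    try:
        parts = urlsplit(origin or "")
        port = parts.port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    if parts.path or parts.query or parts.fragment or parts.username:
        return None
    default = {"http": 80, "https": 443}[parts.scheme]
    suffix = f":{port}" if port and port != default else ""
    return f"{parts.scheme}://{parts.hostname}{suffix}"

def weak_cors_headers(origin):
    """Flawed pattern: every Origin is echoed back and credentials are allowed."""
    return {"Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true"}

def strict_cors_headers(origin, trusted=TRUSTED_ORIGINS):
    """Grant CORS only on an exact allowlist match; otherwise send no grant."""
    norm = normalize_origin(origin)
    if norm is None or norm not in trusted:
        return {"Vary": "Origin"}
    return {"Access-Control-Allow-Origin": norm,
            "Access-Control-Allow-Credentials": "true",
            "Vary": "Origin"}

def audit(sent_origin, headers):
    """Classify the response to a request sent with an untrusted test Origin."""
    acao = headers.get("Access-Control-Allow-Origin")
    creds = headers.get("Access-Control-Allow-Credentials", "").lower() == "true"
    if acao is None:
        return "ok: origin not granted"
    if acao == sent_origin:
        return "fail: untrusted origin reflected" + (" with credentials" if creds else "")
    if acao == "*":
        return "warn: wildcard origin"
    return "ok: fixed origin"
```

Exact matching on the normalized origin is what rejects look-alike hosts that merely begin or end with a trusted name; prefix, suffix or substring comparison does not.
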
Affected Product(s) | Version(s) |
---|---|
IBM Sterling B2B Integrator | 6.0.0.0 - 6.0.3.6 |
IBM Sterling B2B Integrator | 6.1.0.0 - 6.1.0.5, 6.1.1.0 - 6.1.1.1, 6.1.2.0 |
Product | Version | APAR | Remediation & Fix |
---|---|---|---|
IBM Sterling B2B Integrator | 6.0.0.0 - 6.0.3.6 | IT41085 | Apply 6.0.3.7 |
IBM Sterling B2B Integrator | 6.1.0.0 - 6.1.0.5, 6.1.1.0 - 6.1.1.1, 6.1.2.0 | IT41085 | Apply 6.1.0.6, 6.1.1.2 or 6.1.2.1 |
Versions 6.0.3.7, 6.1.0.6, 6.1.1.2 and 6.1.2.1 are available on Fix Central.
The container version of 6.1.2.1 is available in IBM Entitled Registry with the following tags.
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | sterling_b2b_integrator | 6.0.0.0 | cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:* |
ibm | sterling_b2b_integrator | 6.1.2.1 | cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.1:*:*:*:*:*:*:* |