Jun 16, 2018 - 7:47 p.m.

Security Bulletin: IBM Sterling B2B Integrator is affected by Click jacking vulnerability (CVE-2015-4992)

2018-06-16 19:47:28
www.ibm.com

EPSS: 0.001 (Percentile: 34.2%)

Summary

A Click jacking (also known as a “UI redress attack”) vulnerability has been discovered in IBM Sterling B2B Integrator.

Vulnerability Details

CVEID: CVE-2015-4992
DESCRIPTION: IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could send a specially crafted HTTP request to hijack the victim’s click actions or launch other client side browser attacks.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/105956> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Sterling Integrator 5.1

IBM Sterling B2B Integrator 5.2

Remediation/Fixes

| PRODUCT & Version | APAR | Remediation/Fix |
|---|---|---|
| Sterling Integrator 5.1 | IT10723 | Apply Generic Interim Fix 5010004_8 available on IWM |
| IBM Sterling B2B Integrator 5.2 | IT10723 | Apply Generic Interim Fix 5020500_8 available on Fix Central |

Workarounds and Mitigations

None
