IBM91871A306F30DED21EA9D4E766837AFB575EE3C2CF1F8F018CEB08DEACBF7AD4Security Bulletin: User permission vulnerability affects IBM Sterling B2B Integrator (CVE-2017-1326)
EPSS
Percentile
26.8%
Summary
IBM Sterling File Gateway does not properly restrict user requests based on permission level. This allows for users to update data related to other users, by manipulating the parameters passed in the POST request.
Vulnerability Details
CVEID: CVE-2017-1326**
DESCRIPTION:** IBM Sterling File Gateway does not properly restrict user requests based on permission level. This allows for users to update data related to other users, by manipulating the parameters passed in the POST request.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/126060> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
Affected Products and Versions
IBM Sterling B2B Integrator 5.2
Remediation/Fixes
Product & Version
| APAR|Remediation/Fix
—|—|—
IBM Sterling B2B Integrator 5.2| IT20411| Apply B2B Integrator fix pack 5020603_2 on Fix Central
Workarounds and Mitigations
None
Related
EPSS
Percentile
26.8%