Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM92755D52D927FDC6FB30429C5A12DDA6C135BB506A662A1E251871E360A3E567
HistoryFeb 05, 2020 - 12:53 a.m.

Security Bulletin: IBM Sterling B2B Integrator has Cross Site Scripting vulnerabilities in Queue Watcher (CVE-2015-7431)

2020-02-0500:53:36
www.ibm.com
12

EPSS

0.001

Percentile

45.5%

JSON

Summary

IBM Sterling B2B Integrator Queue Watcher could allow Cross Site Scripting attack

Vulnerability Details

CVEID: CVE-2015-7431**
DESCRIPTION:** IBM Sterling B2B Integrator is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base Score: 6.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107860&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

IBM Sterling B2B Integrator 5.2

Remediation/Fixes

PRODUCT & Version

|

APAR

|

Remediation/Fix

—|—|—

IBM Sterling B2B Integrator 5.2

|

IT04830

|

Apply Fix Pack 5020600 available on Fix Central

Workarounds and Mitigations

None

Related

cve 1
cvelist 1
prion 1
nvd 1
cve
cve
CVE-2015-7431
2016-01-02 21:59:10
cvelist
cvelist
CVE-2015-7431
2016-01-02 21:00:00
prion
prion
Cross site scripting
2016-01-02 21:59:00
nvd
nvd
CVE-2015-7431
2016-01-02 21:59:10

EPSS

0.001

Percentile

45.5%

JSON
Related for 92755D52D927FDC6FB30429C5A12DDA6C135BB506A662A1E251871E360A3E567
cve1cvelist1prion1nvd1