IBMA11093FBF82DEE9D4FC56CC6348A6C13F20D619D36C37393B5689E65F6C4AE8BSecurity Bulletin: Information disclosure vulnerability affects IBM Sterling B2B Integratorย (CVE-2016-0341)
0.003 Low
EPSS
Percentile
65.3%
Summary
IBM 10x vulnerability in IBM Sterling B2B Integrator could allow a remote attacker to obtain sensitive information.
Vulnerability Details
CVEID: CVE-2016-0341**
DESCRIPTION:** IBM 10x could allow a malicious user to obtain highly sensitive information due to missing configurations of HTTPS.
CVSS Base Score: 6.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111782> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
IBM Sterling B2B Integrator 5.2
Remediation/Fixes
Product
|
Version
|
Remediated Fix
โ|โ|โ
IBM Sterling B2B Integrator| 5.2|
- Apply Fix Pack 5020602 available on Fix Central_
_**Note: If you have already installed B2B APIs, do the following additional step: **
2. Use InstallService.sh or InstallService.cmd to install packages/b2biAPIs_1000602.jar in Media_IM_5020602.zip
IBM recommends that you review your entire environment to identify vulnerable releases of the open-source Apache Commons Collections and take appropriate mitigation and remediation actions.
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm sterling b2b integrator | eq | 5.2.6 | |
| ibm sterling b2b integrator | eq | 5.2.5 |
Related
0.003 Low
EPSS
Percentile
65.3%