IBMB5DADAC9305324144733A409952AB6E1E739104C6495E446DE32CAE0309317E6Security Bulletin: Information disclosure vulnerability in IBM B2B Advanced Communications (CVE-2016-0341).
0.003 Low
EPSS
Percentile
65.3%
Summary
IBM B2B Advanced Communications can disclose sensitive information such as usernames, passwords, machine name, sensitive file locations, or any combination of that information. This information could be used to aid in further attacks against the system.
Vulnerability Details
CVEID: CVE-2016-0341 **
DESCRIPTION:** IBM 10x could allow a malicious user to obtain highly sensitive information due to missing configurations of HTTPS.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111782 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
IBM Multi-Enterprise Integration Gateway 1.0 - 1.0.0.1
IBM B2B Advanced Communications 1.0.0.2 - 1.0.0.4
Remediation/Fixes
The recommended solution is to upgrade to the current release as soon as practical. Please see below for information about the fixes available.
| _Fix_* | VRMF | APAR | How to acquire fix |
|---|---|---|---|
| Fixpack 1.0.0.5 | 1.0.0.1 | IT14835 | IBM Fix Central > B2B_Advanced_Communications_V1.0.0.5_Media |
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm multi-enterprise integration gateway | eq | 1.0.0 |
Related
0.003 Low
EPSS
Percentile
65.3%