Feb 05, 2020 - 12:53 a.m.

Security Bulletin: Multiple access control vulnerabilities affect IBM Sterling B2B Integrator (CVE-2016-9983, CVE-2016-9982)

2020-02-05 00:53:36
www.ibm.com

CVSS3: 6.5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS2: 4 Medium

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Summary

IBM Sterling B2B Integrator Standard Edition could allow an authenticated user with special privileges to view files and web pages that they should not have access to.

Vulnerability Details

CVEID: CVE-2016-9983
DESCRIPTION: IBM Sterling B2B Integrator Standard Edition could allow an authenticated user with special privileges to view files that they should not have access to.
CVSS Base Score: 3.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120275> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2016-9982
DESCRIPTION: IBM Sterling B2B Integrator Standard Edition could allow an authenticated user to obtain sensitive information such as account lists due to improper access control.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120274> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM Sterling B2B Integrator 5.2

Remediation/Fixes

Product & Version | APAR | Remediation/Fix
---|---|---
IBM Sterling B2B Integrator 5.2 | IT18949 | Apply B2B Integrator fix pack 5020603_2, 5020602_4 or 5020601_7 on Fix Central

Workarounds and Mitigations

None
