CVSS3
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
AI Score
Confidence: High
EPSS Percentile: 9.3%
In the IBM Sterling B2B Integrator dashboard, many links carry their CSRF token at the end of the URL. An attacker could post a link to the B2Bi dashboard somewhere. If a B2Bi user who has an active HTTP session and owns the token clicks that link, the request is honored, because it carries both the active HTTP session and the CSRF token associated with it.
CVEID:CVE-2023-42010
**DESCRIPTION:** IBM Sterling B2B Integrator Standard Edition could disclose sensitive information in the HTTP response using man in the middle techniques.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/265507 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Sterling B2B Integrator | 6.2.0.0 - 6.2.0.2 |
IBM Sterling B2B Integrator | 6.0.0.0 - 6.1.2.5 |
In B2Bi, the CSRF token does not appear in the browser's history because the dashboard removes it from the browser's URL location bar. To take advantage of this weakness, the person who clicks the link posted by the attacker must have an active HTTP session and the CSRF token associated with that session. Please note that this fix for not showing the CSRF token in browser history is already part of the affected releases of B2Bi, and no update or patch is required.
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | sterling_b2b_integrator | 6.0.0.0 | cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:* |
ibm | sterling_b2b_integrator | 6.2.0.2 | cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.2:*:*:*:*:*:*:* |