IBMFDC593CA4C5C2F98E0D7E0125C82B00075AF88C34F091A72E07E1EFF1E19F2C4Security Bulletin: IBM Sterling B2B Integrator has Cross Site Scripting vulnerabilities in Queue Watcher (CVE-2017-1496)
0.0005 Low
EPSS
Percentile
18.9%
Summary
IBM Sterling B2B Integrator Queue Watcher could allow a Cross Site Scripting attack
Vulnerability Details
CVEID: CVE-2017-1496**
DESCRIPTION:** IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/128694> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
Affected Products and Versions
IBM Sterling B2B Integrator 5.2
Remediation/Fixes
PRODUCT & Version
|
APAR
|
Remediation/Fix
—|—|—
IBM Sterling B2B Integrator 5.2
| IT19818 |
Apply Fix Pack 5020500_16, 5020602_4, or 5020603_2 available on Fix Central
Workarounds and Mitigations
None
Related
0.0005 Low
EPSS
Percentile
18.9%