Lucene search

IbmVULNRICHMENT:CVE-2023-42011

HistoryJun 27, 2024 - 5:39 p.m.

CVE-2023-42011 IBM Sterling B2B Integrator Standard Edition tapjacking

2024-06-2717:39:04

CWE-1021

ibm

github.com

ibm sterling b2b integrator

tapjacking

vulnerability

ibm x-force id

user confusion

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

IBM Sterling B2B Integrator Standard Edition 6.1 and 6.2 does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. IBM X-Force ID: 265508.

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:standard:*:*:*",
      "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:standard:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "Sterling B2B Integrator Standard Edition",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "6.1, 6.2"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/265508

www.ibm.com/support/pages/node/7158657

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for VULNRICHMENT:CVE-2023-42011