Lucene search

IBM050773BDA9A1B459F23EACB2DD3CDFDDF0CA157E90DBA90E66E4A5823CD81D2D

HistoryMay 13, 2022 - 2:58 p.m.

Security Bulletin: Information Disclosure Vulnerability Affects IBM Sterling B2B Integrator (CVE-2020-4761)

2022-05-1314:58:22

www.ibm.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

42.1%

JSON

Summary

IBM Sterling B2B Integrator has addressed an information disclosure security vulnerability.

Vulnerability Details

CVEID:CVE-2020-4761
**DESCRIPTION:**IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188895 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Sterling B2B Integrator	5.2.0.0 - 5.2.6.5_2
IBM B2B Sterling Integrator	6.0.0.0 - 6.0.3.2
IBM B2B Sterling Integrator	6.1.0.0

Remediation/Fixes

Product & Version	APAR	Remediation & Fix
5.2.0.0 - 5.2.6.5_2	IT34259	Apply IBM Sterling B2B Integrator version 5.2.6.5_3, 6.0.3.3 or 6.1.0.1 on Fix Central
6.0.0.0 - 6.0.3.2	IT34359	Apply IBM Sterling B2B Integrator version 6.0.3.3 or 6.1.0.1 on Fix Central
6.1.0.0	IT34359	Apply IBM Sterling B2B Integrator version 6.1.0.1 on Fix Central

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmsterling_b2b_integratorMatch5.2.0.0

ibmsterling_b2b_integratorMatch5.2.6.5

ibmsterling_b2b_integratorMatch3

ibmsterling_b2b_integratorMatch6.0.0.0

ibmsterling_b2b_integratorMatch6.0.3.2

ibmsterling_b2b_integratorMatch6.1.0.0

CPENameOperatorVersion
ibm sterling b2b integratoreq5.2.0.0
ibm sterling b2b integratoreq5.2.6.5
ibm sterling b2b integratoreq3
ibm sterling b2b integratoreq6.0.0.0
ibm sterling b2b integratoreq6.0.3.2
ibm sterling b2b integratoreq6.1.0.0

Name	Operator	Version
ibm sterling b2b integrator	eq	5.2.0.0
ibm sterling b2b integrator	eq	5.2.6.5
ibm sterling b2b integrator	eq	3
ibm sterling b2b integrator	eq	6.0.0.0
ibm sterling b2b integrator	eq	6.0.3.2
ibm sterling b2b integrator	eq	6.1.0.0

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

42.1%

JSON

Related for 050773BDA9A1B459F23EACB2DD3CDFDDF0CA157E90DBA90E66E4A5823CD81D2D