IBM140579145D648454A625A40BFB7B32C28BED8C44AED026D32BAC5B45A637A2BDSecurity Bulletin: Authentication Bypass vulnerability found in IBM Sterling B2B Integrator (CVE-2015-5019)
EPSS
Percentile
46.5%
Summary
IBM Sterling B2B Integrator could allow a local mailbox user under specific circumstances to upload or download files without proper authorization.
Vulnerability Details
CVEID: CVE-2015-5019**
DESCRIPTION: *IBM Sterling B2B Integrator Standard Edition could allow a local mailbox user with expired or new passwords that are in of need changing to upload or download files without proper authorization controls.
CVSS Base Score: 3.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/106463> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N)
Affected Products and Versions
Sterling B2B Integrator 5.1
IBM Sterling B2B Integrator 5.2
Remediation/Fixes
PRODUCT & Version
|
APAR
|
Remediation/Fix
—|—|—
Sterling Integrator 5.1
|
IT11008
|
Apply Generic Interim Fix 5010004_8 available on IWM
IBM Sterling B2B Integrator 5.2
|
IT11008
|
Apply Generic Interim Fix 5020500_9 available on Fix Central
Workarounds and Mitigations
None
Related
EPSS
Percentile
46.5%