An unspecified error in the Prototype JavaScript framework (prototype.js), as used in multiple products, could allow a remote attacker to conduct cross-site Ajax requests using unknown attack vectors. Note: This vulnerability affects the ajax based manager interface, ajamdemo.html, in certain versions of Asterisk.
CVEID: CVE-2008-7220**
DESCRIPTION:** An unspecified error in the Prototype JavaScript framework (prototype.js), as used in multiple products, could allow a remote attacker to conduct cross-site Ajax requests using unknown attack vectors. Note: This vulnerability affects the ajax based manager interface, ajamdemo.html, in certain versions of Asterisk.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/53652> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
IBM Sterling B2B Integrator 5.2
Product & Version
| APAR|Remediation/Fix
β|β|β
IBM Sterling B2B Integrator 5.2| IT19688| Apply B2B Integrator fix pack 5020500_16, 5020603_2 or 5020602_4 on Fix Central
None