IBM2F5C1BDE34024EF96B2A1CB80F52B0ABC2DC99468BF632EB812A1825D067E55FSecurity Bulletin: Permission checking vulnerability affects IBM Sterling B2B Integrator (CVE-2017-1326)
EPSS
Percentile
26.8%
Summary
IBM Sterling File Gateway does not properly restrict user requests based on permission level. This allows for users to update data related to other users, by manipulating the parameters passed in the POST request.
Vulnerability Details
CVEID: CVE-2017-1326**
DESCRIPTION:** IBM Sterling File Gateway does not properly restrict user requests based on permission level. This allows for users to update data related to other users, by manipulating the parameters passed in the POST request.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/126060> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
Affected Products and Versions
IBM Sterling B2B Integrator 5.2
Remediation/Fixes
Product & Version
| APAR|Remediation/Fix
—|—|—
IBM Sterling B2B Integrator 5.2| IT20411| Apply B2B Integrator fix pack 5020603_2 on Fix Central
Workarounds and Mitigations
None
Related
EPSS
Percentile
26.8%