A clickjacking (also known as a “UI redress attack”) vulnerability has been discovered in IBM Sterling B2B Integrator.
CVEID: CVE-2015-4992
DESCRIPTION: IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious website, a remote attacker could send a specially crafted HTTP request to hijack the victim’s click actions or launch other client-side browser attacks.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/105956> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
Sterling Integrator 5.1
IBM Sterling B2B Integrator 5.2
PRODUCT & Version | APAR | Remediation/Fix
---|---|---
Sterling Integrator 5.1 | IT10723 | Apply Generic Interim Fix 5010004_8 available on IWM
IBM Sterling B2B Integrator 5.2 | IT10723 | Apply Generic Interim Fix 5020500_8 available on Fix Central
None