5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.002 Low
EPSS
Percentile
53.6%
IBM Sterling B2B Integrator has addressed the security vulnerablities from WSS4J.
CVEID:CVE-2015-0227
**DESCRIPTION:**Apache WSS4J could allow a remote attacker to bypass security restrictions, caused by the failure to properly enforce the requireSignedEncryptedDataElements property. An attacker could exploit this vulnerability using various types of wrapping attacks to bypass security restrictions and perform unauthorized actions.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/100837 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVEID:CVE-2015-0226
**DESCRIPTION:**Apache WSS4J could allow a remote attacker to obtain sensitive information, caused by Bleichenbacherβs attack on XML Encryption. By sending a specially-crafted message, an attacker could exploit this vulnerability to decrypt the key and obtain sensitive information.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/100836 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Sterling B2B Integrator | 5.2.0.0 - 6.0.3.4 |
IBM Sterling B2B Integrator | 6.0.0.0 - 6.1.0.3 |
Product & Version | ** Remediation & Fix** |
---|---|
5.2.0.0 - 6.0.3.4 | Apply IBM Sterling B2B Integrator version 6.1.1.0 or 6.0.3.5 on Fix Central |
6.0.0.0 - 6.1.0.3 | Apply IBM Sterling B2B Integrator version 6.1.1.0 on Fix Central |
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm sterling b2b integrator | eq | 5.2.0.0 | |
ibm sterling b2b integrator | eq | 6.1.1.0 |
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.002 Low
EPSS
Percentile
53.6%