IBM B2B Advanced Communications can disclose sensitive information such as usernames, passwords, machine name, sensitive file locations, or any combination of that information. This information could be used to aid in further attacks against the system.
CVEID: CVE-2016-0341 **
DESCRIPTION:** IBM 10x could allow a malicious user to obtain highly sensitive information due to missing configurations of HTTPS.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111782 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
IBM Multi-Enterprise Integration Gateway 1.0 - 1.0.0.1
IBM B2B Advanced Communications 1.0.0.2 - 1.0.0.4
The recommended solution is to upgrade to the current release as soon as practical. Please see below for information about the fixes available.
_Fix_* | VRMF | APAR | How to acquire fix |
---|---|---|---|
Fixpack 1.0.0.5 | 1.0.0.1 | IT14835 | IBM Fix Central > B2B_Advanced_Communications_V1.0.0.5_Media |
None