6.2 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.2 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
An information disclosure security vulnerabilty has been addressed in IBM Sterling B2B Integrator.
CVEID:CVE-2023-25682
**DESCRIPTION:**IBM Sterling B2B Integrator Standard Edition stores potentially sensitive information in log files that could be read by a local user.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247034 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Sterling B2B Integrator | 6.0.0.0 - 6.0.3.8 |
IBM Sterling B2B Integrator | 6.1.0.0 - 6.1.2.1 |
IBM strongly recommends addressing the vulnerability now.
Product | Version | APAR | Remediation & Fix |
---|---|---|---|
IBM Sterling B2B Integrator | 6.0.0.0 - 6.0.3.8 | IT42985 | Apply 6.0.3.9 |
IBM Sterling B2B Integrator | 6.1.0.0 - 6.1.2.1 | IT42985 | Apply 6.1.2.3 or 6.2.0.0 |
The IIM versions of 6.0.3.9 and 6.1.2.3 are available on Fix Central. The IIM version of 6.2.0.0 is available on Passport Advantage
The container version of 6.1.2.3 and 6.2.0.0 are available in IBM Entitled Registry.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm sterling b2b integrator | eq | 6.0.0.0 | |
ibm sterling b2b integrator | eq | 6.2.0.0 |
6.2 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.2 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%