PT-2014-7044 · IBM · IBM Sterling B2B Integrator

Published: 2014-10-26 · Updated: 2017-09-08 · CVE-2014-6099

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

IBM Sterling B2B Integrator versions 5.2.x through 5.2.4

Description

The issue concerns the Change Password feature, which lacks a lockout protection mechanism for invalid login requests. This makes it easier for remote attackers to gain admin access using a brute-force approach.

Recommendations

For IBM Sterling B2B Integrator versions 5.2.x through 5.2.4, consider implementing a custom lockout mechanism to limit invalid login attempts as a temporary workaround until a patch is available. Restrict access to the Change Password feature to minimize the risk of exploitation.

Related Identifiers

CVE-2014-6099

Affected Products

IBM Sterling B2B Integrator