PT-2015-6754 · Ibm · Ibm B2B Advanced Communications+1

Publicado

2015-10-05

·

Atualizado

2015-10-07

·

CVE-2015-5022

CVSS v2.0

4.3

Média

VetorAV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions IBM Multi-Enterprise Integration Gateway versions 1.x through 1.0.0.1 IBM B2B Advanced Communications versions 1.0.0.2 and 1.0.0.3 before 1.0.0.3 2
Description The issue allows remote authenticated users to obtain sensitive information by leveraging a trading-partner relationship and reading response fields, when access by guests is enabled. This occurs because the system places an internal hostname and a payload path in a response.
Recommendations For IBM Multi-Enterprise Integration Gateway versions 1.x through 1.0.0.1, consider disabling guest access to prevent exploitation. For IBM B2B Advanced Communications versions 1.0.0.2 and 1.0.0.3 before 1.0.0.3 2, update to version 1.0.0.3 2 or later to resolve the issue.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2015-5022

Produtos afetados

Ibm B2B Advanced Communications
Ibm Multi-Enterprise Integration Gateway