PT-2016-4156 · Ibm · Ibm B2B Advanced Communications+1

Publicado

2016-05-15

Atualizado

2016-05-19

CVE-2016-0341

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM Multi-Enterprise Integration Gateway versions 1.0 through 1.0.0.1 B2B Advanced Communications versions 1.0.0.2 through 1.0.0.4

Description The issue allows remote attackers to potentially obtain sensitive information by sniffing the network, as the affected software does not require HTTPS.

Recommendations For IBM Multi-Enterprise Integration Gateway versions 1.0 through 1.0.0.1, consider configuring the system to require HTTPS to encrypt data in transit. For B2B Advanced Communications versions 1.0.0.2 through 1.0.0.4, enable HTTPS to protect sensitive information from being intercepted.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2016-0341

Produtos afetados

Ibm B2B Advanced Communications

Ibm Multi-Enterprise Integration Gateway

PT-2016-4156 · Ibm · Ibm B2B Advanced Communications+1

CVE-2016-0341

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4