CVE-2015-5022

Name of the Vulnerable Software and Affected Versions IBM Multi-Enterprise Integration Gateway versions 1.x through 1.0.0.1 IBM B2B Advanced Communications versions 1.0.0.2 and 1.0.0.3 before 1.0.0.3 2

Description The issue allows remote authenticated users to obtain sensitive information by leveraging a trading-partner relationship and reading response fields, when access by guests is enabled. This occurs because the system places an internal hostname and a payload path in a response.

Recommendations For IBM Multi-Enterprise Integration Gateway versions 1.x through 1.0.0.1, consider disabling guest access to prevent exploitation. For IBM B2B Advanced Communications versions 1.0.0.2 and 1.0.0.3 before 1.0.0.3 2, update to version 1.0.0.3 2 or later to resolve the issue.