PT-2016-4156 · Ibm · Ibm B2B Advanced Communications+1

Published

2016-05-15

Updated

2016-05-19

CVE-2016-0341

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM Multi-Enterprise Integration Gateway versions 1.0 through 1.0.0.1 B2B Advanced Communications versions 1.0.0.2 through 1.0.0.4

Description The issue allows remote attackers to potentially obtain sensitive information by sniffing the network, as the affected software does not require HTTPS.

Recommendations For IBM Multi-Enterprise Integration Gateway versions 1.0 through 1.0.0.1, consider configuring the system to require HTTPS to encrypt data in transit. For B2B Advanced Communications versions 1.0.0.2 through 1.0.0.4, enable HTTPS to protect sensitive information from being intercepted.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2016-0341

Affected Products

Ibm B2B Advanced Communications

Ibm Multi-Enterprise Integration Gateway

PT-2016-4156 · Ibm · Ibm B2B Advanced Communications+1

CVE-2016-0341

Weakness Enumeration

Related Identifiers

Affected Products

References · 4