PT-2020-18087 · Ibm · Ibm Sterling B2B Integrator Standard Edition

Published

2020-11-16

Updated

2020-11-23

CVE-2020-4475

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM Sterling B2B Integrator Standard Edition versions 5.2.0.0 through 5.2.6.5 IBM Sterling B2B Integrator Standard Edition versions 6.0.0.0 through 6.0.3.2

Description The issue allows a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

Recommendations For versions 5.2.0.0 through 5.2.6.5, update to a version outside of this range to mitigate the risk. For versions 6.0.0.0 through 6.0.3.2, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider configuring the system to not return detailed technical error messages in the browser until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2020-4475

Affected Products

Ibm Sterling B2B Integrator Standard Edition

PT-2020-18087 · Ibm · Ibm Sterling B2B Integrator Standard Edition

CVE-2020-4475

Related Identifiers

Affected Products

References · 6